NAIROBI, Kenya, Jun 27 – Kenya loses an estimated Sh2 billion per year in cyber crime, says a new report by Control Risks East Africa.
This is despite the formation of Kenya National Computer Incident Response Team Coordination Centre launched in 2012 and the development of the national cyber security strategy in 2014.
According to the report, Kenya is among other developing markets being targeted for cyber crimes, which is despite the notion that cyber attackers only target developed markets.
“Contrary to the perception that cyber breaches are a problem unique to the large multinational companies based in developed markets, East African organisations are fast becoming a target for attacks with local subsidiaries particularly attractive as the ‘cyber’ route into these multinationals,” said the report.
The report further lists governments in East Africa as the top target sector for cyber attacks at 33 percent while telecommunications at 22 percent and financial services 17 percent follow in close succession.
It also notes that for the region, Advanced Persistent Threat and Criminal Targeted Attacks are the most impactful cyber attack techniques in 2016
Patrick Matu, Compliance, Forensics and Cyber expert explained that a false illusion has been created whereby only companies in the US and the UK are reporting of cyber breach making them look like the only targets.
“The lack of obligation in many emerging markets to report on cyber breach incidents is creating a false illusion that businesses operating in these markets are not subject to cyber attacks. In fact many organizations with bases in these emerging markets are prime targets and seen as the ‘weak underbelly’ when it comes to an organization’s cyber security,” he added.
Matu further explains that cyber security is often seen as an isolated IT problem and hardly a business issue, proving that the issue is not a priority yet.
“It’s important that cyber security is demystified at a senior level. Rather than being perceived as this elusive dark art, cyber security needs to be incorporated into the whole business and not left isolated with the IT team.”
He therefore recommends organisations to continually review their IT security measures which should include an on-going review of the cyber threat landscape to understand what kinds of threats your business might face and adjusting security measures accordingly.
The report comes at a time when there has been a 42 percent increase in the number of targeted attacks reported between 2015 and Quarter 1- Quarter 2 2016 globally.