In 2018, cyberattacks cost the Kenyan economy 30 Billion shillings (Kshs 29.5 B to be precise). This is according to the most recent annual report published by cybersecurity firm Serianu. The latter coupled with the recent attacks to websites in the region has placed the state of cybersecurity in Kenya in the spotlight once again. As such, a need exists for the developed world to aid in training experts in cybersecurity, and more co-operation should be initiated between developed and developing countries. The report also estimates that Kenya only houses 1,700 skilled cybersecurity professionals, with 60 percent of companies facing a shortage – alluding to a need for more education, exposure and adoption.
It is said that within Kenya, the financial sector is the hardest hit by cyberattacks – research has found that in late 2018, banks accounted for 18 percent of the attacks, while payment systems accounted for 10 percent of the attacks. “As organisations continue to pursue a fully digitally transformed future, threats within the cyberspace will continue to become more advanced in not just the financial sector, but in many industries across the region. This will leave individuals and organisations alike with no choice but to turn to the ever-improving capabilities that advanced technologies and solutions bring with it – and this is what encompassed our goal for this event. We are passionate about this and recognise the dire need to not only inform but also enable organisations in this regard” says Sebuh Haileleul, Country Manager for Microsoft in Kenya.
Microsoft recently published the 24th and latest edition of its Security Intelligence Report. The report aims to delve into the cybersecurity events that took place over the past 12 months and includes an overview of the threat landscape, lessons learned from the field and recommended best practices – this was unpacked at the event.
The report identified four key trends that have risen to the forefront in the plight against cybersecurity and that look to remain prominent through the remainder of 2019 “From our ongoing research, we found that in the past year ransomware attacks as a vector declined, software supply chains became a risk, cryptocurrency mining prevalent and that phishing still remains the preferred attack method,” says Sebuh. “While this may indicate progress in blocking ransomware attacks against organisations, it also draws our attention to new avenues now being identified for attacks – otherwise very easily ignored by organisations as a recognisable ‘pathway’ for penetration.”
Besides trends identified from the Security Intelligence Report – notable ongoing trends to look out for in 2019 and beyond were also unpacked. “The use of AI to combat cybersecurity to fill crucial gaps by analysing a vast ocean of threat data to prevent attacks before they occur is a factor that organisations, through partnering with the correct solutions provider, remains pivotal. Furthermore, the cloud is and still will be imperative to securing the modern workplace. Lastly, quantum computing, although still in its infancy will require threat analysts to keep an eye on what advances in quantum computing would mean for security in 2019 and beyond,” says Sebuh Haileleul at Microsoft
According to a report by the Communication Authority of Kenya covering the period October and December 2018, cybersecurity threats in Kenya increased by 167% to 10.2 million from 3.8 million threats detected in the previous quarter. “While there will always be new threats, new attacks and new technologies, statistics like these should urge companies to take action immediately to address security concerns, improving their security postures. It is critical for companies to strengthen their core security hygiene (across things like monitoring, antivirus, patch and operating systems), adopt modern platforms and comprehensive identity, security and management solutions,” continues Haileleul.
“We believe that security is a journey and not a destination. We hope that by keeping to our commitment to the region, constantly keeping our pulse on cybersecurity advancements as well as continually educating the public, that holistic progress will be made to combat and successfully mitigate all risk associated with attacks,” concludes Sebuh.