Kenyan Businesses losing Kshs. 15 Billion in Cyber Security attacks – Report



Kenya has in the recent past seen increased internet security threats which range from hacking, to stolen digital identities and even  malicious take down of content. The cases have mostly affected business but individuals have also suffered from these incidents. Keen on tackling these increasing cases, the Communication Authority of Kenya created new rules. Among these measures included the setting up of a forensic laboratory in the next three months which, will monitor imminent threats, thwart possible attacks besides working with the Judiciary to tackle such incidents. Currently the National Computer Incident Response Team  handles cyber security incidents and the lab is set to bolster these efforts.

According to a new study,  80 per cent of Kenyans connected to the Internet are vulnerable to cybercriminal attacks. The State of Cybersecurity in Kenya which was carried out by cyber security consulting firm Serianu in partnership with PKF consulting and USIU Africa, shows that the vast majority of private companies and public sector organizations also remain very exposed to cyber crime and internal IT fraud with 70% of them exposed to cyber-criminal attacks. The Kenya Cyber Security Report 2015 found that on average most medium sized organisations with over 70 employees in Kenya have at least two vulnerable computer servers and up to fifteen infected computers that were already hacked into by cybercriminals. The most vulnerable businesses and home owners are those that have installed low cost home routers, Closed Circuit Television (CCTV) systems and public email servers on their networks. 

Serianu’s study also reports that the annual cost of cybercrime to Kenyan companies is estimated to be KES 15 billion (USD146 Million). The study further breaks down the losses per industry, citing the public sector as the most affected having losing approximately KES 5 billion per year followed by the financial services sector at KES 4 billion and manufacturing and industrials at KES 3 billion in third place. The telecommunications, media and technology and other sectors are estimated to lose  about KES 2 billion and KES 1 billion respectively. Serianu conducted a technical assessment of the Kenyan cyber space by performing a scanning exercise of Kenyan IP addresses of publicly accessible administrative interfaces and which ordinarily are procured with a default password. Three quarters of the IP addresses scanned during the study were found to be vulnerable to remote attacks.

The top four sources of cyber security attacks, the report lists the US with the highest number at 20% followed by China, Russia and Venezuela at 19%, 11% and 10% respectively.