Cyber-attacks on Kenyan businesses have increased by 82 percent, 90 per cent of these having experienced a data breach in the past year.
This is according to a Pan-African cyber security 2022 report released by Liquid C2, a business unit of Liquid Intelligent Technologies.
The report titled ‘The Evolving Cyber Security Landscape in Africa 2022,’ also covered South Africa and Zambia, where it revealed that these countries recorded an increase of 77 per cent and 62 per cent in cybercrime, respectively.
Liquid C2 collated its research, analysis and findings around Africa’s evolving cyber security threats.
According to the report, research has it that there has been a significant change in how decision-makers perceive cyber security and how it has become one of the organisation’s top priorities, with Kenya showing the most marked shift in awareness overall.
“Decision-makers have become increasingly focused on risk mitigation strategies, cyber security investments and robust policies designed to ensure that their organisations don’t fall victim to a threat that’s become both deadly and sophisticated,” the report reads in part.
Liquid C2 CEO David Behr said businesses must be consistently vigilant about the ever-evolving cybercrime landscape and methods malicious actors use to breach cyber security measures.
"The biggest concern emerging from this report is that companies are saying that they've put a lot more cyber security controls in place. With threats evolving faster than security systems, companies cannot afford to get complacent," he said.
"As the report shows, complacency is a luxury no one can afford.”
The report stated that all the respondents highlighted that they had advanced significantly in their cloud and digital strategies and cyber security capabilities.
Furthermore, the majority (68 per cent) of the companies interviewed in the research said they had appointed cyber security staff members or signed up with a cyber security team in the past year.
In Kenya, some of the cyber security measures put in place to mitigate cyber threats with remote/ hybrid working include 85 per cent being advanced endpoint protection such as firewalls, HIPS and malware.
About 65 per cent of businesses have put in place data backup, 40 per cent secure VPN and remote access, 38 per cent web content filtering and malware and 26 per cent email content filtering and malware.
This is despite Kenya having a significantly smaller percentage of companies (32 per cent) adopting a hybrid model, while most are either fully remote or in the office.
On business tendencies, 82 per cent of these have appointed cyber security staff.
The top three concerns around cyber security in 2022 were hacking and gaining unauthorised access to the organisation’s information systems and assets which stood at 72 per cent.
40 per cent were cyber attacks such as ransomware, and phishing while theft of personal information stood at 35 per cent.
“68 per cent of Kenyan businesses said email attacks like phishing and SPAM were the biggest threats in 2022,” the report read.
On cloud-based services, 62 per cent of enterprises were concerned about managing access of information, 60 per cent on data loss and recovery while 55 per cent were concerned about visibility and control of data stored.
On the other hand, the report shows that 72 per cent of companies use Microsoft Office 365 for cloud-based services, 62 per cent use Google while 60 per cent use online meetings such as Zoom, Skype and Teams.
Behr said increasingly sophisticated methods like Cybercrime-as-a-Service (CaaS) are becoming more popular in Africa, meaning businesses can no longer rely on outdated technologies and processes.
“It is time companies invested in a partner that provides all-round protection, rapid response, threat intelligence and prevention, compliance and improved business reputation, all designed to cater to the specific needs of businesses,” he said.
One of the most concerning revelations in the report is that Africa faces a growing 100,000-person gap in the number of certified cyber security professionals.
It is estimated that there are only 7,000 certified cyber security professionals, or one for every 177,000 people on the continent.
“However, this number may disguise the true magnitude of the problem as there is no readily available data on the level of investment made by African governments into cyber security,” the report read.
“There is an increasing need for companies to invest in cyber security measures to avoid reputational damage, financial loss, and potential business interruptions.”
Additionally, the report added, it reinforces how vital it is for organisations to collaborate with trusted third-party Managed Security Services Providers (MSSPs) to implement and refine their cyber security strategies.