Kenya is among African countries facing a possible increase in cybercrime this year, amid economic uncertainty occasioned by the Covid-19 pandemic.
Experts at global cybersecurity firm–Kaspersky, expect growing economic turbulence along with the impact of Covid-19 to also contribute to an increase in cybercrime across South Africa and Nigeria.
Even though every country globally has had to deal with the pandemic in its own way, developing economies across Africa have been hard hit by national lockdowns and limited business activity, the firm notes.
“And thanks to the increased connectedness of people, the rise in unemployment will not only see a spike in traditional crime, but this will also extend to the digital environment – something we are already seeing,” Lehan van den Heever, Enterprise Cyber Security Advisor for Kaspersky in Africa, said yesterday.
While the increase in these crimes will vary by country, African nations must prepare themselves for the inevitability of increases in malware that already topped 28 million by August last year, according to Kaspersky research.
Adding further pressure to the cyberattacks is an expected rise, along with changes in strategy, in Advanced Persistent Threats (APTs).
“Our researchers anticipate that in 2021, across the globe though where Africa is not immune, there will be a change in threat actors’ approach to the execution of APT attacks," van den Heever said.
It notes organisations must pay special attention to generic malware as it will likely be used to deploy more sophisticated threats.
Compounding this is the concern around hackers-for-hire and cyber mercenary groups targeting SMEs and financial institutions.
Businesses are under pressure to differentiate themselves in a highly competitive market as they struggle to survive these trying times, amplified further by the effects of Covid-19.
“The current landscape may likely lead to bankruptcy and an increase in legal disputes in court. This makes an ideal breeding ground for these malicious groups to operate in. And although such activity has not been rife in Africa yet, the region is not immune to this cyber threat,” van den Heever said.
Cyber-mercenaries are hired to search for sensitive, private information that can be used in disputes to win court rulings or to steal business trade secrets and provide their ‘employers’ with competitive intelligence to get ahead in the market.
Additionally, Kaspersky believes that the normalisation of remote working will further put existing organisational IT systems under pressure as companies now must content with an influx in connections into the corporate back-end.
According to the firm's experts,more companies are exposing their systems online while their focus turns to always-on availability.
However, few have considered how to adapt their cybersecurity controls to this new environment.
“This results in some databases and systems inevitably being left open to intruders,”van den Heever said.
van den Heever expects data breaches across Africa to increase in the coming months with many companies racing to tighten their security.
“This year is going to be a watershed for cybersecurity as organisations start realising the importance of having an integrated and threat intelligent approach to safeguard their systems and data against increasingly sophisticated threat agents,” he said.
Last year, internet users in Kenya faced more malware attacks in the continent as the country remained among the most affected by cyber attacks.
Kaspersky security solutions in September reported 28 million malware attacks in 2020 and 102 million detections of potentially unwanted programs (pornware, adware among others), where South Africa, Kenya and Nigeria were the most affected.
The Communications Authority of Kenya has been implementing a cyber security management framework to help wade off cyber attacks in the country.
To mitigate cyber threats and foster a safer Kenyan cyberspace, the government established the National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC), a multi-agency collaboration framework which is responsible for the national coordination of cyber security, as Kenya’s national point of contact on cyber security matters.
This in accordance with the provisions of the Kenya Information and Communications Act.
The enactment of the Computer Misuse and Cyber Crimes Act of 2018 has gone a long way in strengthening this multi-agency collaboration framework, among other key facets that support national cyber security resilience.
The National KE-CIRT/CC detects, prevents and responds to various cyber threats targeted at the country on a 24-hours, seven days a week basis, having commenced round-the-clock operations in 2017.