Organisations in Kenya have become susceptible to financial malware as more employees work outside the relative safety of the corporate network, a research by Kaspersky indicates.
Although the cybersecurity firm notes overall number of financial malware attacks in the country has decreased in the first half of 2021, compared to the same period in 2020, corporates and businesses remain exposed.
Malware (malicious software) is the collective name for a number of malicious software variants, including viruses, ransomware and spyware.
It typically consists of code developed by cyberattackers, designed to cause extensive damage to data and systems or to gain unauthorised access to a network.
About 29.3 per cent of the 7,962 attacks recorded in the country (in the first half ) targeted corporate users which is a cause for concern, warn Kaspersky experts.
“As local businesses have continued to adjust to remote work scenarios and the rest of the circumstances surrounding the Covid-19 pandemic, we have continued to witness cybercriminals using this to their advantage, exploiting the situation however they can,” said Bethwel Opil, enterprise sales manager at Kaspersky, Africa.
According to the firm, cybercriminals are more commonly targeting unsuspecting corporate users in Kenya as a way to compromise corporate systems.
“Simply put, organisations in Kenya have become susceptible to financial malware as more employees work outside the relative safety of the corporate network,"Opil notes.
adding:"The normalisation of a distributed workforce makes ensuring the protection of the personal endpoint devices of people, who need to access back-end systems to continue performing their job functions, that much more critical."
In addition to securing these devices, cybersecurity training of employees remains a key component to defend against the growing scourge of financial malware that uses phishing techniques to target individual users.
“It is especially financial phishing that has become one of the most popular tools used by cybercriminals to make money. It does not require much investment or technical expertise from a hacker and can be propagated quickly,” Opil notes.
In most cases, successful scammers win access either to the victim’s money or data that can be sold or otherwise monetised.
“For any business this points to how important it is to address one of the weakest links in the cybersecurity chain–that of the individual user. It also signifies the importance of remaining vigilant from a cybersecurity perspective, especially during difficult operating conditions,” notes Opil.
Some of the best practice to embrace include having employees only install applications from reliable sources, such as official app stores.
Even so, they must always examine the permissions the application requests, the firm advices.
If these permissions do not match the intended function of the programme, then it must be questioned and brought to the attention of the IT administrator, it adds.
Companies and consumers alike must also install trusted security solutions on all devices connecting to the internet, to help safeguard against a range of financial cyber threats.
And throughout this, it remains important to ensure all software have the latest security patches and updates installed, experts at the firm say.
Beyond the fundamental cybersecurity solutions and training, companies must also consider using the likes of anti-advanced persistent threat (APT) and endpoint detection and response (EDR) technologies to further shore up the defensive posture of their network environment.
“With the landscape unlikely to change for the foreseeable future, it is best to combine sophisticated cybersecurity solutions with continuously evolving training to keep employees appraised of the latest threats especially when it comes to financial malware,” Opil said.
Early this year, Kenya listed among African countries facing a possible increase in cybercrime.
Growing economic turbulence along with the impact of Covid-19 are said to be key contributors to an increase in cybercrime.
Kaspersky security solutions in September reported 28 million malware attacks in 2020 and 102 million detections of potentially unwanted programs (pornware, adware among others), where South Africa, Kenya and Nigeria were the most affected.