Governments and Telecoms are the Top Targets for Cyber Attacks in East Africa

Reports by security experts reveal cyber criminals are mostly targeting government (33%), Telecommunications (22%), and financial services (17%). This report is contrary to popular believes that cyber criminals are largely targeting multination corporations operating in the developed markets.

East Africa organizations are fast becoming a target for attacks with local subsidiaries particularly attractive as the ‘cyber’ route into these multinationals.

According to Control Risks’ (www.ControlRisks.com) cyber threat intelligence team:

Attacks are increasing rapidly and in severity: Globally there has been a 42% increase in the number of targeted attacks reported between 2015 and Q1-Q2 2016

For East Africa, Advanced Persistent Threat and Criminal Targeted Attacks are the most impactful cyber-attack techniques in 2016

In Kenya alone, the estimated costs for the country due to cybercrime costs sums up to 2 billion Kenyan shillings ($23m) +

The Kenyan Government has made great strides with the formation of Kenya National Computer Incident Response Team Coordination Centre (KE_CIRT/CC) launched in 2012 and the development of the national cyber security strategy in 2014, it is however key for the public and private sector organizations to interpret what the policies mean for them; essentially adopt a “paper to practice” model for their organization

Patrick Matu, Compliance, Forensics and Cyber expert for East Africa comments:

“Despite a growing number of media headlines about US or EU based companies falling victim to a cyber breach, the lack of obligation in many emerging markets to report on incidents is creating a false illusion that businesses operating in these markets are not subject to cyber-attacks.

In fact many organizations with bases in these emerging markets are prime targets and seen as the ‘weak underbelly’ when it comes to an organization’s cyber security.”

Matu continues:

“Cyber security still isn’t given enough priority by business leaders in the region as it’s often seen as an isolated IT problem and not a business issue. It’s important that cyber security is demystified at that senior level. Rather than being perceived as this elusive dark art, cyber security needs to be incorporated into the whole business and not left isolated with the IT team.

As the world of cyber criminality continues to evolve, it’s important that businesses continually review their IT security measures. This should include an on-going review of the cyber threat landscape to understand what kinds of threats your business might face and adjusting your security measures accordingly – not forgetting making sure all employees are aware of the potential threats and how to respond.”