Large companies operating in Kenya have been the worst hit by cybercriminals according to a report by Liquid C2.
The Evolving Cyber Security Landscape in Africa 2022 report by the pan-African technology group suggests that 90pc of companies operating in Kenya reporting a data breach within the last one year.
Cybercriminals have intensified their hacks despite heavy investments local companies have deployed to safeguard their systems, suggesting a rapidly changing cyber crime world.
“The research highlights that over half of all large enterprises in the three countries were victims of a successful cyberattack, with 90pc of them being Kenyan businesses. Increasingly sophisticated methods like Cybercrime-as-a-Service (CaaS) are becoming more popular in Africa, meaning businesses can no longer rely on outdated technologies and processes,” said David Behr, Liquid C2 Chief Executive Officer.
According to the report, despite 85pc of Kenyan companies investing in advanced endpoint protection such as firewalls to mitigate threats, 82pc of businesses said cyber security threats had increased over the past year compared 62pc in South African, same as Zambia.
“The biggest concern emerging from this report is that companies are saying that they’ve put a lot more cyber security controls in place. With threats evolving faster than security systems, companies cannot afford to get complacent,” said Behr.
The firm’s findings indicate that to mitigate cyber threats, 65pc of the business use data backup, 40pc secure VPN and remote access, 38pc use web content filtering and malware while only 28pc us email content filtering and malware.
Additionally, 82pc of companies in Kenya have been forced to beef up their IT staff by hiring cyber security personnel.
Liquid C2 says top method of attack used by cybercriminals targeting companies include email through phishing or spam attacks at 61pc, with attacks through compromised passwords following at 48pc and data breaches and attacks at 44pc being the second and third most common.
“The report highlights that businesses must be consistently vigilant about the ever-evolving cybercrime landscape and the methods malicious actors use to breach cyber security measures. As the report shows, complacency is a luxury no one can afford,” added Behr.
61pc of the companies included in the research said that the breaches to their operations occurred as a result of remote or hybrid working.
While the report by Liquid C2 did not highlight the origin of attacks coming into Kenya, the country’s high internet adoption has increased vulnerability to firms and individual internet users.
Third quarter statistics by the Communications Authority indicate that total cyber threats detected reduced 24.9pc from 249.99 million to 187.76 million while advisories increased 0.9pc to 3.58 million from 3.56 million.
Leading threats to businesses and users according to CA include malware, DDOS, web application attacks and system vulnerabilities.