BY ANTONY MUTUNGA
Cybercrime has continued to grow alarmingly all over the world. In fact, according to the Ninth Annual Cost of Cybercrime Study by Accenture and the Ponemon Institute, the average number of reported security breaches in 2018 rose by 11% from 130 to 145. It is quite high considering that the study only includes research from 11 countries.
The rate is faster in Africa where more and more people, as well as organizations, continue to fall victim to cyber-attacks. According to the 2017 Africa cybersecurity report by Serianu, the estimated cost of cyber-crime on Africa is $3.5 billion as compared to $2 billion in 2016. This rise in cyber-crime activity has been as a result of the continent increasing its use of technology despite not having the right security to handle such crimes. In fact, according to the Serianu report, over 90% of African organizations are below the security poverty line.
In Kenya, the case is the same as it is for Africa, cyber-crime activity increases with each passing day. According to the October-December 2018/19 statistics by the Communications Authority of Kenya (CA), the number of cyber threats targeted at Kenya’s cyber-space stood at over 10.2 million increasing from 3.8 million in the previous quarter. Some of the cyber activities detected varied from denial of service (DOS) attacks to online impersonations.
This is attributable to the fact that Kenya is tech savvy. Having bypassed credit cards and debit cards and moved to M-Pesa, the country had leaped and gotten closer to the developed world in terms of technology advancement. Ever since, the country is characterized as a technology hub for the African continent. According to the first quarter sector statistics report for the financial year 2018/2019 by CA, mobile penetration in the country passed the 100% mark and stood at 100.1% after it rose by 2.3% from 97.8% in the last quarter.
As a result of the increase in mobile penetration and a lack of understanding of the security needed to ensure they are safe from cyber-attacks, many Kenyans are targets of cyber-crime. According to Kaspersky Lab, one of the leading cybersecurity firms, Kenya is among the top 10 countries where the share of users attacked by mobile malware is high. Even though the percentage for Kenya stood at 16.27%, it was enough to place it at position nine on the list. Other African countries included in the list are Algeria, which took the 4th position while Nigeria and Tanzania took position 5 and 7 respectively.
Apart from affecting mobile users, cyber-crime in organizations has also been on a rise in the country. The Central Bank of Kenya (CBK) Governor, Dr Patrick Njoroge has also come to the same conclusion, confirming a rise in cyber-attacks. This has especially been a problem for banking institutions where a majority of them have fallen victim to hacking. It is evident, as the Directorate of Criminal Investigations (DCI)’s Economic Crimes Unit had issued an arrest for 130 individuals during the start of 2019, who are suspected of being involved in bank fraud in the last half of 2018. The CBK Governor also advised banks to tighten their systems in order to be safe from attacks. As a result, Kenya has recorded increasing cyber-crime losses over the years, increasing from Sh14 billion in 2015 to Sh25.9 billion in 2018.
Recently, Kenya faced a cyber-attack by a single hacker that was compared to the 2012 cyber-crime that brought down 103 government websites. A group from Indonesia known as the Kurd Electronic Team took over 18 Government of Kenya websites. The hack took the ICT authority over 24 hours to be restored. Some of the sites targeted include those of the National Development Implementation and Technical Communication (NDICT), the National Environment Management Authority (NEMA) and ICT Authority-run Integrated Financial Management Information Systems (IFMIS). The CA, which is the agency supposed to protect all government sites from malicious attack, said that the websites were not hacked; they were only defaced. Defacing refers to an attack whereby one changes the visual appearance of the website. The government websites defaced, the agency said, were those that dealt with sharing information with the public, insisting that the sites not connected to any core government systems.
This was among a number of other cyber-crimes the government has faced in the span of ten years. In 2017, the Communications Authority of Kenya website was hacked by a hacker group named AnonPlus. The group replaced their homepage with a five-point hackers’ manifesto which promised to defend freedom of information, freedom of the people and emancipation of the latter from the oppression of media and those who govern. In 2012, an Indonesian hacker referred to as the Direxer defaced more than 100 Kenya government websites. The websites affected included those of the Ministries of Local Government, Livestock, Environment, Fisheries, Housing, and Industrialisation.
Just like the rest of Africa, this goes to show how Kenya is unprepared when it comes to protecting itself from hackers. Cyber-security in the country is at an all-time low not only in the government but also in organizations and individuals. It is time that Africa focuses on security as it advances further in terms of technology. Heading into the future cyber-security will be the difference between successful nations and those that are left behind.