Kenya has emerged as a focal point for cyber threats in Africa, as indicated by findings from Kaspersky, a leading computer security firm.

In the third quarter of 2023, Kaspersky reported a 32% increase in detected phishing attacks in Kenya compared to the previous quarter (Q2 2023) and a 12% rise compared to the same period in 2022. Phishing attacks involve deceptive strategies aimed at coaxing individuals into revealing sensitive information like login credentials, financial data, or personal details.

Moreover, Kenya accounted for 12% of the recorded attacks on Internet of Things (IoT) devices across the African region during this period. Additionally, Kaspersky highlighted that 32% of Industrial Control System (ICS) computers in Africa experienced attacks, with Kenya’s ICS machines being targeted in 28% of cases. Globally, malicious objects were identified on 25% of ICS machines during this timeframe. Given that Industrial Control Systems oversee crucial industrial processes, attacks on these systems pose severe consequences, intensifying concerns over their security.

Bethwel Opil, Enterprise Client Lead at Kaspersky in Africa, emphasized, “In projecting the cyberthreat landscape for 2024, we anticipate a dynamic shift characterized by an increase in state-sponsored cyber-attacks, with ‘hacktivism’ becoming a common aspect of cyber-warfare.”

Opil further stated, “The widespread availability of generative AI is expected to drive a surge in spear-phishing tactics, while the inventive exploitation of vulnerabilities in mobile and IoT devices will escalate. Businesses need to proactively combat these cyber threats by leveraging advanced technologies such as threat feeds, security information and event management systems, endpoint detection and response solutions, and tools incorporating digital forensics and incident response features.”

Kaspersky recommends implementing more robust security measures, especially for organizations. These measures encompass regular cyber skill assessments for employees, consistent software updates, and the utilization of dedicated IoT gateways to ensure inherent security and data transfer reliability.