Governments and Telecoms a top target for Cyber Attacks in East Africa
NAIROBI, JUNE 24 – Governments are the target sector for 33 percent of cyber attacks in East Africa closely followed by the telecommunications sector at 22 percent according to analysis by Control Risks’ cyber-threat intelligence team. Financial services follow closely at 17 percent.
“Contrary to the perception that cyber breaches are a problem unique to the large multinational companies based in developed markets, East African organisations are fast becoming a target for attacks with local subsidiaries particularly attractive as the ‘cyber’ route into these multinationals,” Control Risks’ says.
The group observes that attacks are increasing rapidly and in severity with a 42 percent increase in the number of targeted attacks reported globally between 2015 and the first half of 2016. The group notes that for East Africa, Advanced Persistent Threat and Criminal Targeted Attacks are the most impactful cyber attack techniques this year and in Kenya alone, the estimated costs for the country due to cyber crime are in the region of more than Kshs 2 billion ($23m) .
While the Kenyan government in 2012 responded by setting up of the Kenya National Computer Incident Response Team Coordination Centre and the development of the national cyber security strategy in 2014, public and private sector organisations need to interpret what the policies mean for them and to adopt a “paper to practice” model for their organisation.
“Despite a growing number of media headlines about US or EU based companies falling victim to a cyber breach, the lack of obligation in many emerging markets to report on incidents is creating a false illusion that businesses operating in these markets are not subject to cyber attacks. In fact many organisations with bases in these emerging markets are prime targets and seen as the ‘weak underbelly’ when it comes to an organisation’s cyber security,” says Patrick Matu, Control Risks’ Compliance, Forensics and Cyber expert for East Africa.
Matu adds that Cyber security still isn’t given enough priority by business leaders in the region as it’s often seen as an isolated IT problem and not a business issue. “It’s important that cyber security is demystified at that senior level. Rather than being perceived as this elusive dark art, cyber security needs to be incorporated into the whole business and not left isolated with the IT team,” he argues.
Control Risks is advising that businesses need to continually review their IT security measures in tandem with the evolving world of cyber criminality. This should include an on-going review of the cyber threat landscape to understand what kinds of threats the business might face and adjusting security measures accordingly.