Communications Authority (CA) says Kenya has witnessed an upsurge in “the frequency, sophistication and scale” of cyber-threats targeted at the country’s critical information infrastructure (CIIs) in 2023.
“In the last 12 months alone, the attacks have skyrocketed to a new high of 860 million cyber-attacks. Of these attacks, 79% were a result of cyber criminals exploiting flaws and vulnerabilities in organizations’ internal controls, system procedures and information systems, which they used to gain unauthorized access to the computer systems,” the authority says in a new statement.
This is in comparison to six years ago when CA says cyber-attacks in the country stood at 7.7 million annually.
“Malicious software accounted for 14% of the attacks, while Distributed Denial of Services (DDoS) accounted for 6.5%, followed by attacks targeted at web applications,” the communications regulator adds.
CA says the latest numbers make Kenya among the top three most targeted countries in Africa behind Nigeria and South Africa.
In July, Kenya suffered a high-profile cyber-attack on the eCitizen platform which saw access to over 5,000 government services from ministries, county governments and agencies paralysed.
The attack was by hackers who identified themselves as Anonymous Sudan.
However, ICT Cabinet Secretary (CS) Eliud Owalo said no data was lost during the attack.
A January 2023 report by the communications regulator shows that the most targeted industries in Kenya by cyber-attackers are financial services, healthcare, education, energy and utilities, as well as government agencies.