In East Africa, governments are the top target sector for cyber attacks (33%). Telecommunications (22%) and financial services (17%) follow in close succession. Contrary to the perception that cyber breaches are a problem unique to the large multinational companies based in developed markets, East African organisations are fast becoming a target for attacks with local subsidiaries particularly attractive as the ‘cyber’ route into these multinationals.
According to Control Risks’ cyber threat intelligence team, attacks are increasing rapidly and in severity: Globally there has been a 42% increase in the number of targeted attacks reported between 2015 and Q1-Q2 2016. The team found that for East Africa, Advanced Persistent Threat and Criminal Targeted Attacks are the most impactful cyber attack techniques in 2016 while in Kenya alone, the estimated costs for the country due to cyber crime costs sums up to Kshs 2 billion (US $23 million). And even though the Kenya government has made great strides with the formation of Kenya National Computer Incident Response Team Coordination Centre (KE_CIRT/CC) launched in 2012 and the development of the national cyber security strategy in 2014, it is key for the public and private sector organisations to interpret what the policies mean for them; essentially adopt a “paper to practice” model for their organisation.
Patrick Matu, Compliance, Forensics and Cyber expert for East Africa comments: “Despite a growing number of media headlines about US or EU based companies falling victim to a cyber breach, the lack of obligation in many emerging markets to report on incidents is creating a false illusion that businesses operating in these markets are not subject to cyber attacks. In fact many organisations with bases in these emerging markets are prime targets and seen as the ‘weak underbelly’ when it comes to an organisation’s cyber security.”
Matu continues: “Cyber security still isn’t given enough priority by business leaders in the region as it’s often seen as an isolated IT problem and not a business issue. It’s important that cyber security is demystified at that senior level. Rather than being perceived as this elusive dark art, cyber security needs to be incorporated into the whole business and not left isolated with the IT team. As the world of cyber criminality continues to evolve, it’s important that businesses continually review their IT security measures. This should include an on-going review of the cyber threat landscape to understand what kinds of threats your business might face and adjusting your security measures accordingly – not forgetting making sure all employees are aware of the potential threats and how to respond.”
Control Risks is an independent global business risk consultancy with 36 offices across the globe. Control Risks has over 30 years of experience working in Africa. With regional offices in Nigeria, South Africa and Kenya, it provide clients with high quality support in understanding and managing the business risks they face.