In East Africa, governments are the top target sector for cyberattacks, 33%. Telecommunications, 22% and financial services, 17% follow in close succession. Contrary to the perception that cyber breaches are a problem unique to the large multinational companies based in developed markets, East African organisations are fast becoming a target for attacks with local subsidiaries particularly attractive as the cyber route into these multinationals.
According to Control Risks cyber threat intelligence team:
- Cyber security is still not given enough priority by business leaders in the region as it is often seen as an isolated IT problem and not a business issue
- Attacks are increasing rapidly and in severity, globally there has been a 42% increase in the number of targeted attacks reported between 2015 and Q1-Q2 2016
- For East Africa, Advanced Persistent Threat and Criminal Targeted Attacks are the most impactful cyberattack techniques in 2016
- In Kenya alone, the estimated costs for the country due to cybercrime costs sums up to $23+ million
The Kenyan Government has made strides with the formation of Kenya National Computer Incident Response Team Coordination Center, launched in 2012 and the development of the national cyber security strategy in 2014, it is however key for the public and private sector organisations to interpret what the policies mean for them.
Patrick Matu, Compliance, Forensics and Cyber expert for East Africa, Control Risks comments: “Despite a growing number of media headlines about US or EU based companies falling victim to a cyber breach, the lack of obligation in many emerging markets to report on incidents is creating a false illusion that businesses operating in these markets are not subject to cyberattacks. In fact, many organisations with bases in these emerging markets are prime targets and seen as the weak underbelly when it comes to an organisation’s cyber security.”
“Cyber security still is not given enough priority by business leaders in the region as it is often seen as an isolated IT problem and not a business issue. It is important that cyber security is demystified at that senior level. Rather than being perceived as this elusive dark art, cyber security needs to be incorporated into the whole business and not left isolated with the IT team.”
“As the world of cyber criminality continues to evolve, it is important that businesses continually review their IT security measures. This should include an on-going review of the cyber threat landscape to understand what kinds of threats your business might face and adjusting your security measures accordingly – not forgetting making sure all employees are aware of the potential threats and how to respond.”
Control Risks is an independent global business risk consultancy with 36 offices across the globe. Control Risks has over 30 years of experience working in Africa. With regional offices in Nigeria, South Africa and Kenya.
