The Ministry of ICT is concerned about the prevalence of cyber attacks in the country’s digital space and is encouraging businesses and individuals to regularly update cybersecurity measures.
- This follows revelations that a Moldovan firm called B2bhint infiltrated the Business Registration Service (BRS) last Friday, retrieving data from Kenya-registered businesses including residential addresses and phone numbers of shareholders.
- The latest data shows that between July and September last year, the total number of cyber threats stood at 657,843,715 with over 583 million of these cases were as a result of system vulnerabilities.
- Banks have been victims of cyber attacks – especially those that have insider involvement- leading to an increasing number of fraud cases.
The BRS breach is the latest in several cyber attacks targeting government systems. In December last year, there were reports that the The Micro and Small Enterprise Authority (MSEA) system was breached and sensitive data leaked to the dark web. One of the most devastating cyber attacks saw the outage of the e-citizen platform in July 2023 –by a group called ‘Anonymous Sudan’.
In response to the latest breach, the government said that it has assembled a multi-agency team to investigate and stem the access to the sensitive data. It has now also warned businesses on the need to update security software and cyber security measures to ward off attacks.
“We encourage the public to verify the authenticity of websites and emails to avoid falling victim to phishing attacks. Regularly backup important data to secure locations,” Cabinet Secretary for ICT William Kabogo said in a notice.
The Communications Authority of Kenya (CA) reports that Kenya lost about KSh10 billion to cyber crimes in 2023. Between October and December of that year, Kenya’s Cyber Security Center detected over 1.2 billion cyber threat events, representing a 943.01 per cent jump from the preceding period.
In June 2024, the government constituted a Taskforce to reform its cybersecurity strategy and advise on emerging technologies such as artificial intelligence. Among other roles, the Taskforce was meant to review the base laws against cybercrime, and to support the set up of cybersecurity desks at law enforcement centres such as police stations.
