Cybercriminals up their game, steal Sh30b in one year

Kenya’s economy lost Sh29.5 billion to cybercrime and related activities last year as criminals stepped up attacks on banks, Saccos and government agencies.

The latest report from cybersecurity firm Serianu shows that even as more Kenyan companies today are more aware of the threat posed by cybercrime, a skills shortage in the sector and rapidly evolving technology is leaving more firms exposed to attacks.

“From our survey, we estimated the cost of cybercrime in Kenya at Sh29.5 billion for 2018, which is 40 per cent increase from the Sh21 billion reported over a similar period in 2017,” explained Serianu Chief Executive Wiliam Makatiani.

SEE ALSO :Cybercrime and fake news are real dangers to society

“These costs include Sh8 billion in direct cost either through money lost in attacks or ransom paid to free up stolen data and Sh20 billion in indirect costs involving procurement of equipment and software, training personnel and monitoring systems,” he said.

Personal computers remain the main point of access for criminals, with more than Sh230 million lost through this channel.

Another Sh100 million was lost through email phishing - an attempt to trick someone into giving information over the Internet or by email that would allow someone else to take money from them - while Sh97 million and Sh72 million was lost through hacking of transaction channels and identity theft respectively.

 Biggest challenge

At the same time, the financial sector and government agencies topped the list of targeted institutions as criminals sought out critical financial or personal data to exploit.

This has led to an increase in the cost of doing business as institutions spend more resources to safeguard their systems against attacks.

Financial players, including banks, insurance companies and Saccos, spent Sh6.4 billion in protective measures.

Government agencies and private service providers, including telcos and sports betting companies, on the other hand, spent Sh5.9 billion and 4.8 billion respectively.

According to Serianu, while more companies are reporting cybercrime attempts and even losses, many cite the lack of adequate personnel as the biggest challenge to complying with industry standards.

Of those polled, 23 per cent reported a skills gap in auditing and risk management, with another 22 per cent pointing to inadequate personnel trained and experienced in incident response.

Earlier this year, the Directorate of Criminal Investigations (DCI) published the names and faces of more than 100 individuals it said were linked to the theft of millions of shillings from several commercial banks in Kenya.

Data from the Communications Authority of Kenya (CA) indicates that cases targeting both individuals and institutions over the last quarter of last year spiked 168 per cent.

Malware attacks recorded a 400 per cent increase from 1.8 million between July and September last year to nine million recorded between October and December, with a majority of cases targeting smartphone users.

“The quarter saw an exponential increase in the number of malware attacks as well as the number of misconfigured systems,” said the CA in the latest sector statistics report.

Register to advertise your products & services on our classifieds website Digger.co.ke and enjoy one month subscription free of charge and 3 free ads on the Standard newspaper.

cybercrimeSerianuPersonal computersFinancial playersGovernment agenciesCommunications Authority of KenyaDCI