Hackers stalk Kenyan firms as race to go online peaks

The norm for security among businesses has been fortified doors, grilled windows, sophisticated alarm systems and the permanent feature that are guards manning entrances.

But the growth of cyber space and connectivity, which was expected to enhance marketing, cut the cost of sales and prop up output for Kenyan businesses, has now become the double edged sword, which is giving firms sleepless nights.

Like any other market jurisdiction where Internet penetration is high, Kenya faces the rising threat from hackers who are no longer opportunistic, but organised according a 2016 survey by local tech firms.

‘Hacktivists’ on the lose stole some Sh17.5 billion last year, according to a survey conducted by Serianu Limited in partnership with the United States International University Kenya and Paladin Networks.

The challenge, according to the PriceWaterhouse Cooopers (PWC)2016 crime survey is even bigger for the Kenyan corporates whose level of preparedness remains wanting.


The country ranked top 15 among those that believe their local law enforcement agencies are not adequately resourced to combat economic crime through cyber-attacks.

South Africa, Turkey, Philippines and Bulgaria closed the top five among those perceived to be less prepared to tackle the new avenue for fraud according to the PWC survey.

They are not alone, only 37 per cent of the respondents from the heavily regulated financial services industry – have a fully operational incident response plan when faced with a cyber-crisis.  

“The reality in 2016 is that like every other aspect of commerce, economic crime has, to some extent, gone digital. In a hyper-connected business ecosystem that frequently straddles jurisdictions, a breach in any node of that system – including third parties such as service providers, business partners or government authorities – can compromise the organisation’s digital landscape in a variety of ways,” PWC wrote in the report.

In a country where trading is moving digital and the race to go online is peaking, Kenyan businesses have now fallen in the middle of the digital paradox with business risks if they do and if they don’t.

READ: Care needed in handling vital information in face of hackers

ALSO READ: Sh4bn hacking suspect lives large – VIDEO

While organisations today are able to cover more ground faster than ever before – thanks to new digital connections, tools and platforms, which can connect them in real time with customers, suppliers and partners, cybercrime has become a powerful countervailing force that’s limiting that potential.

In fact, business leaders are now increasingly worried about the threat, which stands on their way to faster growth.

In PwC’s 19th Annual Global CEO Survey, six in 10 chief executives ranked cyber threats and the speed of technological change as top threats to growth.


The scenario is further complicated by lack of awareness by some firms on what attack they could be exposed to or whether they had been compromised.

Top managers and the board where major decisions of firms are made, have also largely stood aloof from the subject, according to the PWC global survey.

“This year’s global economic crime survey points to the disquieting fact that too many organisations are leaving first response to their IT teams without adequate intervention or support from senior management and other key players. What’s more, the composition of these response teams is often fundamentally flawed, which ultimately affects the handling of breaches,” the report said.

So hard to detect is the new trend of digital theft that 56 per cent of companies that say they are not victims, may have likely been compromised without knowing it. Most attackers are also said to have managed to remain on organisations’ networks for extended periods of time without being detected.

Kenya, which is taking most of its government services online has on many occasions raised the alarm over the increased number of cybercrime attacks in the country, which is slowly building up into a major threat.

With procurement, awards, payments and various other procedures now allowed online, the threat is as big as the convenience enjoyed by these services going digital.

Information Communication and Technology (ICT) secretary Joe Mucheru last week said hackers are increasingly targeting sectors that are digital-savvy especially with the rise of financial technology and Internet banking.

“The government is alive to the emerging threats, the break-neck speed at which we are mainstreaming ICT as an enabler of business and development must therefore be balanced with prudent risk management,” Mr Mucheru said.

Cyber criminals have targeted government installations including those dealing with revenue collection like the Kenya Revenue Authority, which is said to have caused a Sh4 billion loss.

Businesses now experience losses running into billions of shillings from the cybercrime and as well have to invest equally high sums of money to boost the platform as customers demand convenience and speed in an increasingly cash lite economy.


Keen not to ruin their reputations in the aftermath of cyber-attacks, many business are said to be suffering the millions of shillings in losses in silence as the survey found that reputational damage was considered the most damaging impact of a cyber-breach – followed closely by legal, investment and/or enforcement costs.

What should the businesses do to beat this digital dilemma then? “The digital world does not allow any organisation to feel comfortable in the area of cyber security threats and vulnerabilities. A constant guard that is on the alert, detecting and is responsive to the changing environment is essential,” Audit firm Ernst and Young wrote in their cyber threat report released last week.

It is, however, difficult to stay alert all the time and even more difficulty to measure sufficient preparedness in the increasingly changing tactic with those piercing corporate data and systems to make millions.

A new trend of attackers staging diversionary attacks to conceal more damaging activity may even prove harder for businesses to detect attacks quickly.

In one of the diversionary techniques, attackers target services that cause  denial of service effectively distracting and creating a lot of noise while the real focus of the attack unfolds in a slow and undetected manner.

Bill kicks disabled, youth out of public purchasing board

Safaricom network restored after Al Shabaab attack