The State of Cybersecurity in Kenya: Challenges and Solutions

byRoy Mugambi Marangu Published:

Cybersecurity is safeguarding system networks and data against unauthorized access and malicious attacks. As we rely more on digital platforms for communication, commerce, and digital sharing, we expose ourselves to an increased risk of cyber threats and attacks. Cybersecurity encompasses a wide range of threats, including cyber-attacks, identity theft, and phishing scams. These threats are not only more prevalent but also more advanced than ever before.

The image shows a close-up view of a computer screen displaying the word “Security” in blue, pixelated text. The word is underlined and there’s a cursor hovering over it. To the left of the word, there’s a shield icon. The background of the screen is black
Pixelated Cybersecurity Shield

Kenya has made amazing progress in internet access and mobile money in the last few years. With almost 18 million people online and eager to use technology, Kenya has one of the highest internet penetration rates in the world.

More and more people are using mobile money to send and receive payments in Kenya. The Central Bank (CBK) of Kenya says that mobile money transactions were more than half of the country’s GDP in 2021, and they expected them to grow even more in the next year

THE CURRENT STATE OF CYBER SECURITY IN KENYA

On the 5th of August 2022, the government of Kenya launched the national cyber security strategy as a way to address the emerging threats of the cyber domain. The strategy aligns with computer misuse and cybercrimes CMCA to coordinate actions for detection, prohibition, prevention, response, investigation, and prosecution of cybercrime through multiagency. According to the National Computer and Cyber Crime Coordination Committee, the strategy is anchored on 6 main pillars which include;

  • Establishment of governance structure 
  • strong policy
  • Legal and regulatory framework
  • Protection of critical information Infrastructure
  • Cultivation of a skilled cyber security workforce 
  • Developing more advanced capabilities mini missing crimes and incidents

The country in recent times has been targeted by hackers in several major attacks. On July 2023 the cabinet secretary for ICT admitted that the government was hit by Sudan hackers identifying themselves as an 'anonymous Sudan' hacking group. Most Kenyans complained that the government portal e-citizen which provides almost every government service including passport applications and certificates of good conduct the portal was not working. However, the government through the Ministry of ICT denied any loss of data stating there was no cause for alarm and that the system was up and running.

KEY TRENDS AND DEVELOPMENT IN KENYA CYBER SECURITY;

  • The government of Kenya is prioritizing cyber security- As I have mentioned earlier in August 2022 the government of Kenya launched the national cyber security strategy in the country to address the emerging trends of cyber security in the country
  • Kenyan businesses are increasing cyber security investments, Businesses are waking up to the critical need for cybersecurity. In fact, about 45% of businesses have implemented backup systems. Additionally, 40% have secured VPN and remote access, 38% have web content filtering and malware protection, and 26% have email content filtering and malware protection. These businesses are proactively investing in cybersecurity solutions, including firewalls, to safeguard their operations
  • The frequency of cyber in Kenya is on the rise, because of the country's growing digital economy and increased reliance on technology. Some of the common cyber-attacks in Kenya include phishing scams, malware attacks, and denial-of-service attacks which means disruption of the normal functioning of a computer system, network, or online services by overwhelming it with a flood of excessive traffic
  • Cyber regulations enacted by the Data Protection Act, The goal was to set up a Data Protection Commissioner, regulate the processing of personal data, and outline the rights of data subjects as well as the obligations of data controllers and processors. This was all done with the aim of ensuring data privacy and protection.
  • Government initiatives, The Kenyan government, via the Communication Authority of Kenya, has rolled out several initiatives to combat cyber threats. One such initiative is the Kenya National Computer Incident Response Team Coordination Centre (KE-CIRT/CC), which is dedicated to handling cyber threats and incidents.
  • Cloud Security, As organizations in Kenya adopted cloud computing services there was a need to emphasize cloud security by ensuring data is been hosted in the cloud was the top priority

Lack of cyber security awareness

According to the Star between 2020 and 2021, cyber security threats increased from 8 million to 13.7 million with hackers now targeting large organizations Lack of cybersecurity awareness, lack of skilled workforce, and the regulatory framework are some of the reasons behind the challenges we are facing today as a country.

Recently Naivas Supermarket a leading chain store supermarket in Kenya failed to report a potential breach within 72 hours violating data protection law. The breach is said to have exposed 611GB of personal data including names, phone numbers, emails, and loyalty points. If this is anything to go by then a proper audit should be done to determine the extent of the breach and action should be taken.

Data from the economic survey show that vulnerabilities increased from a 58million to a whopping 452.4 million, this shows that organizations and individuals need to patch vulnerabilities by prioritizing security patching and mitigation practices which are some of the main obstacles that both organizations and individuals are grappling with in their efforts to defend themselves against cyber-attacks; Some of the challenges include.

  • Lack of cyber security awareness, Individuals need to be more aware of security threats and the importance of cyber practices, through education and training this can be easily archived. Promoting cyber security education is essential to bridge this knowledge gap
  • Limited resources, Many businesses especially startUPs and SMEs struggle to allocate a budget for cyber security measures. To address these challenges the government in conjunction with the private sector requires innovative solutions and greater support for small businesses to ensure that cybersecurity remains a priority in Kenya's digital landscape.
  • Skilled workforce shortage of cyber security, can or will always hinder response, vulnerability assessment, security awareness, and development of proper defense strategies. This can underscore the urgency of developing cyber security talents, especially in Kenya where there is a lot of potential from graduates. Assigning this graduate opportunity can go a long way in building a robust cybersecurity system in the country
  • The regulatory framework, Kenya has made significant strides in the realm of cybersecurity. However, the existing regulatory framework might not be fully equipped to tackle all current and emerging issues. For many individuals and businesses, understanding and complying with this complex regulatory framework can be a daunting task. This complexity can act as a significant roadblock in the development and execution of effective cybersecurity strategies. Therefore, it’s crucial that we enhance and modernize our regulatory framework to stay ahead of evolving cyber threats. This will significantly bolster Kenya’s defenses against cyber attacks.
  • Complex and ever-changing threat landscape, Due to the ever-changing complex landscape it can be difficult for individuals and businesses to stay up to date. The ever-changing environment undermines the importance of staying informed and adopting a proactive security culture in Kenya that empowers individuals to stay alert in the face of dynamic cyber threats
  • User behavior, Many people often opt for passwords that are easy to remember, such as the name of their pet or their birthdate. However, these passwords are typically weak and can be easily guessed by hackers. Additionally, individuals may unknowingly expose their accounts to risk by falling for phishing scams or neglecting to update their software regularly. Addressing these challenges involves promoting cyber security awareness and educating users on the importance of strong unique passwords as well as the adoption of multi-factor authentication methods to enhance security.
  • Use of legacy systems, In many offices across Kenya, it’s not uncommon to find an outdated computer that’s no longer receiving support. The continued use of these legacy systems can potentially expose sensitive data, as they may be more vulnerable to hackers. To address the challenge organizations and individuals need to prioritize upgrading their technology infrastructure to mitigate the risks associated with legacy systems and enhance their cybersecurity.

POSITIVE DEVELOPMENT IN KENYA CYBERSECURITY LANDSCAPE.

Kenya is at the forefront of embracing digital transformation and therefore the importance of cybersecurity cannot be overlooked Kenya like many other countries has a regulatory standpoint to protect its citizens' personal information. When these regulations are adhered to such as the Data Protection Act it will help protect user privacy and prevent data breaches.

In the event of cyber incidents the structure governance will enable swift response and prevent data loss. This includes isolating the system that is affected by the vulnerability, involving relevant agencies who have specialized data cybersecurity threats, and initiating the data recovery process hence a back is important in any organization

There have been several positive impacts on Kenya's cyber security landscape which include;

  • National Cyber Security Strategy 2020-2027, On August 5th, 2022, the government unveiled a national cybersecurity strategy. This strategy serves as a roadmap for tackling new challenges and threats in the cyber realm.
  • National Kenya Computer Incident Response Team Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC) was set up in 2017. Its primary role is to identify, prevent, and respond to cyber threats in the country, operating around the clock. The KE-CIRT/CC is also equipped with cutting-edge systems that aid in managing national cyber threats. eat detection
  • Promotion of ICT equipment, The government of Kenya has been promoting ICT equipment through various initiatives such as a digital literacy program that aims to provide primary school students with with ICT skills by equipping schools with computer and digital content. Additionally, the government went the extra mile to reduce taxes on ICT devices to make them more accessible.
  • With a growing pool of cybersecurity professionals, the cybersecurity field in Kenya is experiencing a significant boom, with an increasing number of professionals joining the ranks. This surge can be attributed to several factors. Firstly, the government has been proactive in sponsoring training programs. Secondly, initiatives from the private sector have also played a crucial role. Lastly, the escalating demand for cybersecurity professionals has further fueled this growth.
  • Improved collaboration on cyber security of information and digital economy, has been bringing together multi-stakeholders from the private and public sectors due to the recent incidents that happened in the country will play a huge role in safeguarding the country against any further cyber threats

AREAS OF IMPROVEMENT IN THE CYBER SECURITY LANDSCAPE IN KENYA

While Kenya has made significant strides in improving the cyber security landscape there are still areas that could be enhanced;

  • Creation of governance work national cyber security strategy 2022-2027 The call for the creation of a governance structure is becoming increasingly important. It’s crucial to foster better coordination between government agencies, private sector entities, and civil society organizations. This collaborative approach is key to formulating effective cyber security regulations and policies that can tackle the ever-evolving cyber threats. Moreover, enhancing our ability to respond to incidents and cultivating a skilled cyber security workforce are essential steps towards bolstering the country’s cyber defenses.
  • Effective enforceable policy, legal, and regulatory frameworkEffective and enforceable policy, legal, and regulatory framework are essential for establishing clear guidelines and ensuring compliance with cyber security measures. It provides a strong foundation for protecting digital assets, ensuring there is accountability, and deterring cyber threats increasingly connected world.
  • Safeguarding essential systems and data- Imagine, Think of our essential system and data as a big, sturdy castle. Our job is to keep that castle safe from any attacks, making sure our important services keep running smoothly. That means we need to build strong walls - our security measures - to keep our critical infrastructure, sensitive information, and digital assets safe from cyber threats. We’re not just keeping these resources safe; we’re making sure they stay reliable, private, and ready to use. It’s a big job, but we’re up for the challenge
  • Training and nurturing a skilled cyber security workforce, a world where governments are pouring resources into training their personnel, equipping them with the skills to tackle the challenges that lie ahead. It’s not just about dealing with what’s in front of us, but also preparing for what’s yet to come. This investment isn’t just in their personnel but in the future of our society. It’s a commitment to resilience, to adaptability, and to progress.
  • By developing and employing cutting-edge technologies and expertise, investing in innovative solutions, and nurturing a highly skilled cybersecurity workforce, both organizations and individuals can stay one step ahead of emerging cyber threats.
  • Strengthening the rule of law, Strengthening the rule of law in Kenya is a fundamental area of improvement in Kenya's cyber security landscape. By enacting and enforcing cyber security laws and regulations effectively the government can  create a legal framework that promotes accountability and prevention against cyber threats 

CONCLUSION

Wrapping things up, we’ve seen some exciting progress in Kenya’s fight against cyber threats. The government has stepped up, laying out a national strategy for cyber security, and businesses are putting their money where their mouth is, investing more in keeping their data safe. But it’s not all smooth sailing - we’re seeing more phishing scams, malware attacks, and denial-of-service attacks than ever before.

There are hurdles to overcome too. Many people still don’t know enough about cyber security, and businesses often don’t have the resources they need to protect themselves. There’s a shortage of skilled professionals in the field, and the regulations can be tough to navigate.

But there’s hope on the horizon. If we can set up a solid governance structure, make effective policies and regulations, protect our essential systems and data, train up a skilled workforce, and strengthen the rule of law, we’ll be well on our way to a safer digital Kenya. And that’s something that will benefit us all - individuals and organizations alike.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Tags:

Roy Mugambi Marangu

My blog is basically the internet's therapy session: we laugh at our tech addiction, cry over the latest data breach, and then scroll further down anyway. Welcome to the support group, my friends.

You might like

View all
Previous Post Next Post
Share to other apps
Copy Post Link
Update cookies preferences