Financial Crime World

Kenya’s Financial Institutions Under Siege as Cyber-Attacks Intensify

The Growing Threat of Cyber-Attacks in Kenya’s Fintech Sector

The financial technology sector in Kenya has experienced rapid growth in recent years, but it has also become a prime target for cyber criminals. According to Kaspersky’s June report, Kenya ranked 35th most cyber-attacked country globally, with the financial sector being a key area of focus.

The Scale of the Problem

Fintech companies are facing an unprecedented number of sophisticated attacks, including phishing attempts, data breaches, and ransomware campaigns. In the past year alone, the Communications Authority has recorded over 860 million incidents of cyberattacks in Kenya.

Impact on Critical Infrastructure

Kenya’s critical information infrastructure has been severely impacted by these attacks, with major institutions such as:

  • Kenya Power and Lighting Company
  • Kenya Railways Corporation
  • National Transport and Safety Authority

all falling victim to cyberattacks. Digital banking and mobile services have also been compromised.

Lack of Awareness a Major Contributing Factor

Experts point to a lack of awareness among customers and data custodians as a major contributing factor to these attacks. “The first person to blame is where that data is sitting - that’s the data custodian, and the second is the customer who lacks awareness,” said Michael Odundo, a research analyst at SIB.

Emerging Threats

As wealth management applications become increasingly popular on mobile and cloud-based services, attacks such as:

  • Distributed Denial of Service (DDoS)
  • Ransomware
  • Phishing

continue to rise. The Capital Markets Authority’s latest soundness report highlighted the vulnerabilities of financial institutions as they increasingly rely on emerging technology amidst growing digitization.

Measures Being Implemented

To combat these threats, fintechs are implementing measures such as:

  • Two-factor authentication
  • Sensitization
  • Ensuring data is housed in multiple data centers

Businesses are also installing firewalls, creating data backups and encryption, reducing attack surfaces, and conducting regular employee cybersecurity training.

The Cyber Security Skills Gap

However, the cyber security skills gap remains a significant challenge, with experienced professionals hard to find and expensive to retain. The Kenyan government has responded by partnering with organizations, creating cybersecurity laws, and setting up a data protection office to ensure the privacy of citizens’ data. Despite these efforts, more needs to be done to address this critical issue and safeguard Kenya’s digital infrastructure against the ever-evolving landscape of cyber threats.

Conclusion

The threat of cyberattacks is very real in Kenya’s fintech sector, and it requires immediate attention and action. While measures are being implemented to combat these threats, a sustained effort is needed to address the cyber security skills gap and ensure the privacy and security of citizens’ data.