A total of 114 cyber-attacks on key critical information infrastructure were recorded by government
agencies from January to August 2024.
This is according to the annual report on the state of national security for the period of September 1, 2023 to August 31, 2024.
The report tabled in parliament was presented by President William Ruto, who chairs the National Security Council, during the annual state of the nation address.
This Annual Report on the State of National Security is submitted to Parliament as a requirement pursuant to Article 240(7) of the Constitution of Kenya and the National Security Council (NSC) Act, Sec. 16.
It details that a constraint and challenge that persisted during the period under review included the rapid advances in digital and other technologies which have not only made significant contributions to socioeconomic advancement in the country but also opened novel frontiers to new types of cyber-based crimes.
It also noted that the anonymity afforded by aspects of these technologies allows some state and non-state actors to engage in cyber-crime owing to the diminished risks associated with anonymity, to project their power.
In the report, President Ruto further said the cyber space landscape remains volatile and has transformed significantly in recent years due to rapid technological advancements and increased global connectivity.
He added that it encompasses the entire spectrum of known and potential cyber security risks that could affect National Critical Information Infrastructure (CII), user groups and organizations.
“Increased digitisation and migration of many public services to the cyber domain has led to rising reliance on web-based services, predisposing institutions and individuals to cyber threats,” Ruto said.
“These include malware, cyberbullying, social engineering and online scammers which result in subversion, espionage, disruption of services and financial losses.”
“Additionally, the rapid advancement of Artificial Intelligence (AI) technologies has introduced both opportunities and challenges in the cyber-security landscape.”
President Ruto further said that while AI enhances capabilities in various domains, its evolving nature also presents new risks and complexities that malicious actors can exploit to compromise security.
Similarly, he added, the dynamism in the cyber security domain continues to pose challenges including the lag in adopting appropriate cyber security tools and technologies.
This has resulted in greater anonymity of offenders, limited monitoring capabilities, and inadequate detection and response.
“Additionally, inadequate “cyber-security hygiene” and awareness among the general population predisposes citizens to a variety of cybersecurity risks such as those targeting mobile devices and banking fraud,” Ruto said.
To address the challenges, the government has put in place several measures which include formulating the Computer Misuse and Cybercrime Management Regulations (2024), to enhance information sharing,as well as coordinate incident response and management.
The state has also adopted a multi-agency approach and partnerships to counter the threats and established the National Kenya Computer Incident Response Team (KECIRT) under the Communication Authority to monitor cyber threats.
Further, President Ruto affirmed that the government will continue to safeguard the country’s cyber space by partnering with other national, multi-lateral and related organisations as well as acquire modern tools and expertise to the law enforcement agencies and cybercrime units and institute policy and legislative reforms.
“Kenya has had its own share of attacks targeting critical infrastructure including the e-citizen platform,” he said.
“Additionally, the ability of the citizens to mobilize online for negative purposes poses a threat to national security as demonstrated by the recent Gen-Z protests.”
“This then brings to the fore the need for sharper focus into the cyber domain as an area to be closely monitored, and the required investments being made.”
According to the CA’s Cyber Security Report, in the three-month period between July and September 2024, the National KE-CIRT/CC detected over 657.8 million cyber threat events.
This represented a 41.87% decrease from the 1,131,696,878 threat events detected in the previous period, April – June 2024.
In response to the cyber threats observed, the regulator said they continued to enhance the dissemination of cyber threat advisories to critical information infrastructure sectors.
“In line with global trends, the ongoing exploitation of “system vulnerabilities” may be associated with the continued proliferation of Internet of Things (IoT) devices which are inherently insecure,” teh report reads in part.
“Other weaknesses include system misconfigurations and deprecated software, and the dynamism occasioned by new and emerging technologies such as Artificial Intelligence (AI).”
In response to the detected cyber threat events, the report further indicates that the National KE-CIRT/CC issued 9,582,347 advisories between the period July – September 2024, which represented a 2.51% increase compared to the 9,347,363 advisories that were issued during the previous period, April – June 2024.
“During the period, there was a significant increase in the number of advisories on system attacks.” the report said.
“These advisories were aimed at advising users to patch vulnerable systems on a regular basis, utilising multi-factor authentication, strong passwords, and hardening systems and networks.”
Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke
