Cybersecurity remains top of mind for businesses in Kenya as attacks continue to grow on financial and online service providers in the country.
These cybersecurity trends have taken centre stage in the ongoing fight to secure systems and data in Kenya:
Moving from reactive to proactive security
Cybersecurity is commonly perceived as a reactive service because troubleshooting and providing solutions occur after a breach has taken place. As the risks increase in quantity and scale, it’s now essential for organisations to be proactive in the detection and prevention of cyberattacks. Managed security service providers (MSSPs) offer affordable mainstream outsourced/managed proactive security services.
Artificial Intelligence and machine learning
The more interconnected the world becomes, the greater the risk of AI-based malware compromising millions of targets at once. Attacks driven by artificial intelligence can adapt to exploit a targeted system. If they succeed, information is relayed to millions of people who soon learn of the exploit. Artificial Intelligence Cyber Security solutions allow automation of detecting and combating threats without human involvement. Since AI is machine driven, it eliminates the human-error factor and guarantees overall better security. AI and machine learning are expected to become an integral part of cybersecurity.
Outsourced and cloud-based security services
As cybersecurity becomes more complex, a lack of required skills to manage security systems will mean that many organisations will outsource their operations or move them to the cloud. Employing the services of MSSPs provides access to a wide scale of security solutions that eliminate the skills shortage and reduce the cost of deployment.
Cyber resilience and regulations
With enough time and resources, skilled attackers can breach some of the most complex cybersecurity systems. The implementation of cyber-resilience strategies provides a contingency framework and recovery plan in the event of a breach. Kenya’s banking regulator, the Central Bank of Kenya, recently announced the launch of new regulations aimed at safeguarding the country’s financial sector against cybercrime.
Advanced persistent threats and data breaches
A cyber attacker spends an average of more than six months inside a compromised network before being detected. So it’s crucial to spot any suspicious activity and take action as soon as possible. The prevalence and resultant damage of data breaches will increase as targeted organisations struggle to recover from the reputational damage and financial loss. Identity theft and the use of stolen personal data to commit fraud and extortion is also expected to continue.
One of the biggest threats to cybersecurity comes from within an organisation. Unsuspecting employees are vulnerable to phishing and other targeted attacks. Educating them on how to identify and report suspicious online content and emails and deploying anti-phishing technologies provide a necessary line of defence.
Internet of Things and connected threats
The focus on IoT security will sharpen because unsecured smart devices provide easy entry points. CCTV cameras, smart TVs and smart appliances connect directly to the Internet without a protective security layer. Many devices also have default admin login credentials that never change, which make them easy to exploit. Changing default usernames and passwords and segmenting vulnerable IoT devices from the greater network will ensure greater security.
Public cloud security
Security becomes paramount as more organisations move to the cloud. Cloud users must understand their security responsibilities and that of their cloud providers and ensure that they are delineated clearly. OS patch management and security such as anti-virus, application security, protecting individual workloads through micro-segmentation and data security must form part of the public cloud security strategy.
Consolidation of security vendors
As new security vendors emerge, we will see a consolidation in the market where big players acquire smaller ones for their IP, unique features and technologies. This won’t apply to every small player because the bigger ones might develop some technologies in-house. Regardless of this, we will see an industry rationalisation in the future.
Existing trends to watch
The emergence of new threats does not halt the existing ones. There will continue to be a prevalence and growth of these trends, including:
- Malware-based attacks
- Cyber warfare and nation-state attacks
- DDoS attacks, social media manipulation and fake news
- Readily available cyber weapons
- Skills shortages