Kenya's cyber security space continues to face significant challenges, with the number of attacks discovered in the third quarter of the financial year 2024/2025 increasing to 2.54 billion.
The Communications Authority of Kenya (CA) released its Third Quarter Sector Statistics Report for the Financial Year 2024/2025 (January-March 2025).
According to the report, this surge in attacks represents a 201.7% increase over the previous quarter's 840.9 million total.
It goes on to say system vulnerabilities accounted for the majority of the increase, reaching 228.3% to more than 2.47 billion cases.
Cyber criminals frequently use these vulnerabilities to access networks, disrupt services, and steal critical data.
Although system vulnerabilities dominated the threat environment, Kenya also reported various other kinds of cyber-attacks.
Malware cases decreased by 27.6% to 24.5 million, while brute force attacks, which include repeated efforts to guess passwords or encryption keys, fell by 2.8% to 33.79 million incidents.
Web application attacks increased by 11.8% to 5.08 million incidents, showing growing risks to online platforms and services.
Distributed Denial of Service attacks, which overwhelm systems and create service disruptions, decreased by 75.6% to 3.67 million occurrences.
This comes as Kenya is actively implementing its National Cyber Security Strategy 2022-2027, which includes steps to combat cyber-attacks.
The Ministry of ICT and the CA launched the five-year plan, which outlines a framework for strengthening the country's cyber security posture by improving threat intelligence sharing, developing national cyber capabilities, protecting critical infrastructure, and promoting a cyber security culture.
The strategy is built on five pillars: strengthening legal and regulatory frameworks, increasing capacity and public awareness, improving technical measures and collaboration, creating incident response capabilities, and establishing a governance structure for implementation.
It also promotes collaboration among government agencies, private companies, academia, and international partners to build a strong national cyberspace.
In response to the escalation of threats detected by CA, the National Kenya Computer Incident Response Team - Coordination Centre issued 13.23 million cyber advisories during the quarter, a 14.2% increase over the previous period.
The warning targeted both individuals and institutions, urging enhanced vigilance and the implementation of preventative measures.
Experts warn that as Kenya's digital economy evolves, cyber-criminals will take note and target firms around the country, with serious financial consequences.
According to Tony Anscombe, Chief Security Evangelist at global cybersecurity provider ESET, these threats are not isolated instances; rather, they indicate a growing trend of attacks on firms who are unprepared to handle modern cyber security issues.
Share