According to the recently released Kenya Cyber Crime Report 2015, the number of locally engineered attacks has risen sharply and resulted in a US$150 million loss for the East African country. Government is believed to have lost approximately US$50 million in 2014.

The release of the report happens to coincide with an investigation underway at the Ministry of Devolution and Planning relating to a loss of approximately US$8 million from the e-procurement platform. A preliminary investigation of the system has revealed that officials approved an unauthorised transaction.

The report, prepared by cyber security firm Serianu, says that employees and insiders were responsible for 80% of the attacks related to fraud and theft in many organisations.

"Cyber criminals and trusted employees are exfiltrating hundreds of gigabytes of sensitive data from organisations daily. The increased use of unauthorised cloud applications and the uncontrolled adoption of BYOD has weakened access controls, giving users a complete access to large volumes of sensitive or classified data," the report said.

The report also highlighted that Africa is home to a growing number of local cyber criminals in contrast to earlier years.

"In our analysis of cyber intelligence, we have noted an increase in the number of Africa-based cyber criminals, especially from Nigeria, Rwanda and Kenya. This is a clear indication that Africa is increasingly becoming a source of cyber criminals and tools," Serianu indicated.

The number of certified ICT risk professionals is also low. According to Information Systems Audit and Control Association (ICASA Kenya) there are only 1000 certified professionals compared to over 26 million internet users in the country.

"Which means there is approximately one security professional for every 200,000 internet users. This is a worrying ratio that needs to change if we are going to successfully secure the cyber space in Kenya," the report notes.

Most government agencies and other private business do not adequately invest in cyber security. The report says that budgets allocated to implement security measures are inadequate and leave organisations open to various vulnerabilities.

The report encouraged the introduction of robust measures including human based log analysis that would stem majority of the breaches, internally and externally.

"Fortunately, most attacks on your network leave behind indicators that signal a problem. Organisations need to put in cyber security monitoring processes to identify these behaviours, and alert relevant personnel to resolve the issues."

The research for the report was conducted between July and September of 2014 and involved 275 professionals from private and public sectors.