In East Africa, governments are the top target sector for cyber attacks (33%). Telecommunications (22%) and financial services (17%) follow in close succession.
This is according to the cyber threat intelligence team at IT security firm Control Risk who state that contrary to the perception that cyber breaches are a problem unique to the large multinational companies based in developed markets, East African organisations are fast becoming a target for attacks with local subsidiaries particularly attractive as the 'cyber' route into these multinationals.
The Control Risk team suggests attacks are increasing rapidly and in severity.
According to the company globally there has been a 42% increase in the number of targeted attacks reported between 2015 and Q1-Q2 2016. For East Africa, Advanced Persistent Threat and Criminal Targeted Attacks are the most impactful cyber attack techniques in 2016.
It adds that in Kenya alone, the estimated costs for the country due to cybercrime is 2 billion Kenyan shillings (US$23m).
"The Kenyan Government has made great strides with the formation of Kenya National Computer Incident Response Team Coordination Centre (KE_CIRT/CC) launched in 2012 and the development of the national cyber security strategy in 2014, it is however key for the public and private sector organisations to interpret what the policies mean for them; essentially adopt a "paper to practice" model for their organisation," says Control Risk.
Patrick Matu, Compliance, Forensics and Cyber expert for East Africa comments: "Despite a growing number of media headlines about US or EU based companies falling victim to a cyber breach, the lack of obligation in many emerging markets to report on incidents is creating a false illusion that businesses operating in these markets are not subject to cyber attacks. In fact many organisations with bases in these emerging markets are prime targets and seen as the 'weak underbelly' when it comes to an organisation's cyber security."
"Cyber security still isn't given enough priority by business leaders in the region as it's often seen as an isolated IT problem and not a business issue. It's important that cyber security is demystified at that senior level. Rather than being perceived as this elusive dark art, cyber security needs to be incorporated into the whole business and not left isolated with the IT team. As the world of cyber criminality continues to evolve, it's important that businesses continually review their IT security measures. This should include an on-going review of the cyber threat landscape to understand what kinds of threats your business might face and adjusting your security measures accordingly - not forgetting making sure all employees are aware of the potential threats and how to respond," he adds.
Increase in malware
According to the May 2016 threat index issued by pure-play network cyber security vendor CheckPoint Software Technologies the number of active global malware families increased by 15% during the month in review.
The company detected 2,300 unique and active malware families attacking business networks in May.
At the end of Q1 2016 Nigeria was positioned as the 16th highest ranked country, two places from its 18th spot in the preceding quarter.
"Developing and African nations are highly represented in the upper rankings of the index, and Nigeria was surpassed by a handful of other African countries, including Namibia and Malawi in second and fourth spots respectively. In stark contrast, Kenya improved their ranking by 24 places, moving from 45th position at the end of 2015, to 69th at the end of the quarter," the company states.