In its quarterly report for Q3 2017/2018, the Communications Authority of Kenya (CA) stated the country was the target of 7.9 million cyber attacks between January and March 2018, down from the 10.7 million experienced during the previous quarter.
The report explained: "The decrease was due to the enhanced response to the cyber threat advisories issued by the National KE-CIRT/CC to the targeted organisations. The measures deployed by the targeted organisations prevented the recurrence of some of the attacks."
During this quarter, there were 3,488 cases which were tagged as critical, with the National KE-CIRT/CC intervening to mitigate the risks. There were 677 such cases recorded in the previous quarter.
There were 5.69 million reported Malware attacks compared to 7.88 million in the previous quarter, while the number of Botnet and DDOS attacks also dropped from 1.5 million to 1 million.
Tyrus Kamau, principal consultant at cyber security firm Euclid Consultancy Services, said: "When you consider people who rely on online shopping, financial transactions, the reduction in attacks reassures customers that it's safe conducting business online. Consequently, businesses can continuously push more products and offerings to their customers."
But he also believes the CA, which governs the national incident response team, should conduct more training on reporting of incidents.
"When a business loses money through fraud or there's identity theft, people will instinctively call the police who will refer the case to the DCI's Cybercrimes Unit. You can see, the CIRT gets to know about the attacks way after the fact. Ideally, the CIRT should be the first point of contact."
At a policy level, Kamau said Kenya is ahead in East Africa, but because the cyber threat landscape changes so quickly, continuous monitoring is required.
"It's always a game of catch-up when it comes to cyber crime and so it would be good to go beyond the policies and enforce relevant authorities to tackle the growing threat," he said.
According to Serianu's 2017 Cybersecurity Report, Kenya lost an estimated US$210 million to cyber attacks.