Attackers have to be right just once, but the defence has to be right all the time.

In 2023, Kenya experienced nationwide information technology chaos, thanks to Anonymous Sudan that disrupted over 5,000 government services, including mobile money transactions, passports and visa applications. 

The attack was part of growing cyber threats, with over 855 million incidents detected between July 2022 and July 2023. 

We have at one point received a random unwanted text with fraudulent intent. These messages are designed to deceive recipients into clicking on links, sharing sensitive information, or downloading malware. 

It can be as simple as “Notice, dear tenant, starting today, payment of rent should be done through the new Mpesa paybill account: … regards, management.” or “Please send me the money to this number…”.

All this from a contact you don’t have and it’s because they fished your number somewhere you left it. It is either because you needed to or didn’t but whoever gathered sold it as data.

Your details, number, email, full names, pictures, family names, birthday, these are data that can be sold to the highest bidder. This data is used to determine a lot in the digital age that’s why data is the new oil.

Mobile money popularity in Kenya makes phones a prime target for social engineering, a tactic that attackers use to manipulate people into giving out sensitive information. 

By the time you read this, though, your personal information is probably already out somewhere in the public. It’s never too late to delete your data from the internet, but if you think that will stop companies from getting your information, think again.

You can never completely delete your info from the internet. The best you can do is minimise your footprint, which can reduce the risk of being an easy target.

Cybercriminals often embed malicious software within seemingly legitimate applications. These apps, sometimes distributed through unofficial app stores or even disguised within popular social media platforms, can grant attackers access to sensitive data once installed.  

Applications distributed through unofficial app stores play host to cybercriminals; they embed malicious software within what looks like a legitimate application.

So why do we make it so easy for scammers? Every time you agree to the terms on an application, sign up for a registration book with your details, or fill out online forms, you essentially give away your data.

The hope is that the person collecting this data will not misuse it. But in 2025? You should not move with hope when it comes to data. Only give what is needed and push back to protect yourself; you don’t have to leave your number at a random event.  

Social media tendencies don’t help though. It is nice for people to wish you happy birthday but apart from your date of birth, that platform probably has your full name, address, email, your pictures, your children’s pictures, and the list can go on. 

But how do we protect our data? How do we ensure that what is out there about us is as much as what we want and with people we have approved? How do we limit the use of our data out there? 

Short answer: It’s a digital jungle, and your data is the prey. Save yourself with strong passwords, multi-factor authentication and stay skeptical. Also, don’t click dodgy links, verify senders and update your software. This isn’t just a tech tip anymore, it’s survival. 

But data privacy is not just your responsibility; a government that is digitising every service, banks and organisations that need data to serve you bear most of this responsibility.

To keep your data safe and ensure use to the limit that you signed up for. In 2023 for example, Kenya faced rampant cyber-attacks that affected key government online services. The main target was the e-citizen platform used by the public to access over 5000 government services and mobile money.

Kenya’s National Transport and Safety Authority (NTSA), Kenya Power and Kenya Railways also experienced service disruptions. 

Ironically, While the government owns and manages the eCitizen platform, it’s possible they utilize outsourced services for specific technical aspects of its operation.

For a digital-first government, this wasn’t the first time information had been compromised. In 2023, Microsoft revealed access to email accounts by a group of hackers, affecting nearly 25 organisations including the government. 

But who could have such boldness, such skill and resources to execute this?  

According to the BBC, Anonymous Sudan claimed responsibility for the cyberattack. The group portrays itself as Sudanese cyber-warriors and has sworn to attack anyone who tries to interfere in the internal affairs of Sudan. 

The then ICT Cabinet Secretary Eliud Owalo confirmed that the cyberattack was being carried out by the group and stated that no sensitive data was compromised or lost during the incident.

According to several reports, the group is believed to have links to Russia, but the group denied that connection. See, all this was a loose end by the government that effectively exposed millions of users’ data.

From October 1 to December 31, 2024, the total number of cyber threats detected was 841 million, representing a 27.2 per cent increase compared to the previous quarter (July-September 2024) when 661,190,115 cyber threats were detected. 

Cybersecurity, though a problem, also offers many opportunities. The latest Cisco Cyber security Readiness Index says 86 per cent of organisations globally are impacted by a shortage of cyber security talent.

Francine Katsoudas, the executive vice president at Cisco, says there are four million roles in cybersecurity that need talent in that sector.

She was speaking at the launch of a cybersecurity centre at The University of Nairobi’s Chiromo Campus.

The facility, dubbed “The Edge Centre”, is a Cybersecurity Technology Experience Centre. It is designed to bridge the gap between academic training and industry needs in the field of cybersecurity. The center aims to equip students and professionals with the skills and knowledge necessary to detect, prevent, and respond to cyber threats, increasing the number of cybersecurity experts in Kenya.

Speaking at the launch, Francine Katsoudas, executive vice president and chief people, policy, and purpose officer at Cisco, noted that with advancements in Artificial Intelligence, there is a need to upskill communities to respond to threats.  

“This partnership between CDA and Cisco Networking Academy allows us to equip more people with the skills needed for the future and strengthen the country’s cyber defences. We look forward to working with the Ministry of Information, Communications and the Digital Economy and ICT Authority on advancing the goals they’ve set in Kenya’s development plan,” said Katsoudas.  

Speaking at the official launch, Principal Secretary John Tanui highlighted the center’s crucial role in providing cybersecurity training and developing strategic in-country cybersecurity capabilities. “Cisco is launching its first cybersecurity Technology Experience Centre on the African continent. This is designed to serve as a hub for Cybersecurity Training and a showcase of state-of-the-art cybersecurity solutions,” Mr. Tanui said. 

Still, humans play a big role in cybersecurity. 90 per cent of attacks require human interaction. This means these attacks can be directly or indirectly activated by human. 

Vice President for Proofpoint Northern Europe, Middle East, Turkey, and Africa Emile Abou Saleh believes people are the first layer of defence. “We need to play a major role in this by increasing the awareness level and helping organisations to increase the awareness level and protecting the people by helping them know what should be done and what should not be done. People are always the first layer of defense. And this is where we do come in play and support organisations to help them from being the victim,” he said during an exclusive interview at GITEX Global in Dubai.

AI in Cybersecurity and Hyperresilience

Organisations are now rapidly adopting AI. The bad guys are also adopting AI and machine learning.

“Hackers are using artificial intelligence at the end of the day to make their life easy because this is a business for them. They want to get faster to the data. They want to be fast in getting to their goals so they can make more money. And when it comes to the providers or to the companies like Proofpoint who are helping customers increase their security posture, this is where we need to integrate AI into our technology.” He said.  

According to Emil, security providers need to move faaster than the bad guys otherwise you put customers at risk.

“If you ask me what would be my advice, for example, to the customers today in the market, when you’re selecting your providers, make sure you look for companies that are adopting AI and machine learning in your technology because that would help you to secure your environment on one side and second, to make sure that you’re putting your investment with the right providers. Because eventually, whether we like it or not, the bad guys are still putting huge investment in this and they’re using the AI to get access to the data.” He said.

This will help with hyper resilience, a new term in cybersecurity that can be achieved using AI.  It means you need to be ready to deal with the situation and how to react after the fact.

Cybersecurity companies are using AI to make the networks more intelligent, embedding large language AI models inside the technology to start focusing on more predictive elements as opposed to reacting when there’s a network outage.

This is important because attackers use AI to sophisticate attacks or do multiple attacks easily and more targeted. The only way to beat them is by using AI.

Data privacy as a basic human right

Every time individuals engage in online activities, they leave behind a digital footprint, a trail of personal data that, if mishandled, can result in identity theft and erosion of trust in digital services.  

It is your right to know who has your data, how it’s being used, to what extent and be able to reach out and either change that or withdraw entirely. 

Speaking during the ninth Network of African Data Protection Authorities (NADPA) Annual General Meeting (AGM), Chief Justice Martha Koome noted the importance of seeing Data privacy as a basic human right.

“Privacy is not merely a legal or regulatory obligation; it is a fundamental human right enshrined in constitutions and international human rights instruments. It is a cornerstone of individual autonomy and dignity, essential for fostering trust in the digital ecosystem,” she said. 

“The importance of data protection lies not just in compliance with laws, but in upholding the trust and confidence that citizens place in public institutions. Our responsibility as regulators and protectors of privacy is to ensure that data collection adheres to stringent data privacy principles,” she added.

Kenyans are buying more smartphones, according to the latest quarter 2 ICT statistics. Like the last quarter, smartphones maintained an upward trend at a penetration rate of 80.5 percent while feature phones dropped to 59.3 percent. 

Digital growth comes with cybersecurity challenges – the more advanced digitally, the more attacks. There is also a huge gap of professionals in this field, so a problem that creates opportunities, opportunities the Silicon Savannah can take on.