Top Cyber Threats Facing Kenyan SMBs and How to Protect Your Business

In the fast-evolving digital landscape, Kenyan small and medium-sized businesses (SMBs) are becoming increasingly attractive targets for cybercriminals. According to the Kenya National Cybersecurity Strategy 2023, cyberattacks on SMBs rose by 43% in the past year, with many businesses suffering substantial financial and reputational damage. While SMBs often believe they are too small to be targeted, the reality is that many attackers see them as low-hanging fruit due to limited resources and weak defences.

In this blog, we’ll explore the top cyber threats Kenyan SMBs are facing and provide actionable tips on how to mitigate them.

1. Phishing Attacks: Tricking Employees into Giving Away Data

Phishing attacks, where cybercriminals impersonate trusted entities to steal sensitive information, remain one of the most common cyber threats. A 2023 study by Kaspersky revealed that 60% of SMB cyberattacks in Kenya were linked to phishing schemes, often targeting employees through email or SMS.

How to Mitigate Phishing Attacks:

• Train your employees: Regularly educate staff on how to recognize phishing emails and suspicious links. Simple indicators like poor grammar, unexpected attachments, or requests for sensitive information should raise red flags.
• Use email filters: Tools like SpamTitan or Barracuda can help filter out phishing emails before they reach employees’ inboxes.
• Multi-factor authentication (MFA): MFA adds an additional layer of security, making it harder for attackers to gain access even if they manage to steal a password.

2. Ransomware: Holding Your Business Hostage

Ransomware attacks, where attackers encrypt a company’s data and demand payment for its release, have become increasingly common. According to Cybersecurity Ventures, ransomware attacks are expected to occur every 11 seconds globally in 2024. In Kenya, SMBs have not been spared; 35% of cyberattacks in 2023 involved some form of ransomware.

How to Mitigate Ransomware:

• Regular backups: Ensure your data is backed up frequently, both to the cloud and offline. Services like Google Cloud or AWS offer scalable and secure options for small businesses.
• Keep software updated: Outdated software and systems are prime targets for ransomware. Regularly patch your systems to fix vulnerabilities.
• Employee awareness: Educate your team on how ransomware spreads, often through malicious attachments or links.

3. Data Breaches: Exposing Sensitive Information

Data breaches are becoming a major concern for SMBs, with attackers seeking access to customer and financial information. In 2023, 45% of Kenyan businesses reported breaches that compromised sensitive data. For SMBs, a data breach can result in significant financial losses and reputational damage.

How to Mitigate Data Breaches:

• Encrypt sensitive data: Ensure that any sensitive information, such as customer records or financial data, is encrypted both in transit and at rest.
• Access controls: Limit access to critical data to only those employees who need it. Implement role-based access to minimize potential exposure.
• Secure cloud storage: If using cloud services, ensure they offer robust security measures like encryption and two-factor authentication.

4. Insider Threats: The Danger Within

While external threats get most of the attention, insider threats—whether accidental or malicious—are also a significant risk. According to IBM’s 2023 Cost of a Data Breach Report, insider threats account for 20% of data breaches globally. Employees or former employees with access to sensitive data can unintentionally or intentionally compromise a company’s cybersecurity.

How to Mitigate Insider Threats:

• Monitor user activity: Tools like Splunk or SolarWinds allow businesses to monitor employee activity and detect unusual behaviour or access patterns.
• Implement strict access policies: Only give employees access to the information they need for their jobs. Regularly review and update access rights.
• Employee exit protocols: Ensure that when employees leave the company, their access to all systems and data is immediately revoked.

5. Unsecured Wi-Fi Networks: An Open Door for Hackers

Many Kenyan SMBs offer free Wi-Fi to customers or rely on shared networks for their day-to-day operations. However, unsecured Wi-Fi can act as a gateway for attackers to infiltrate your network. In 2023, there was a 20% increase in attacks on SMBs through compromised Wi-Fi networks.

How to Mitigate Wi-Fi Threats:

• Use a strong Wi-Fi password: Ensure that your Wi-Fi network is protected with a strong password and uses WPA3 encryption for the highest level of security.
• Segment your network: Separate customer Wi-Fi from your business network to ensure that any vulnerabilities on the guest network don’t compromise your internal systems.
• Disable unused networks: Disable unused Wi-Fi networks or hotspots to reduce potential attack surfaces.

6. Malware: The Silent Saboteur

Malware remains a persistent threat to businesses of all sizes. Infected devices can steal data, compromise systems, and disrupt business operations. In Kenya, Kaspersky’s 2023 Cybersecurity Report highlighted that malware attacks on SMBs increased by 32% in the past year.

How to Mitigate Malware Threats:

• Install antivirus software: Free or affordable antivirus solutions like Avast Business or Malwarebytes provide strong protection against a wide range of malware.
• Regular software updates: Many malware attacks exploit vulnerabilities in outdated software. Ensure that all systems and applications are up to date.
• Limit software downloads: Implement policies that restrict employees from downloading unverified or unauthorized software, which may carry malware.

7. Supply Chain Attacks: The Hidden Threat

As businesses increasingly rely on third-party suppliers and vendors for software and services, they become vulnerable to supply chain attacks. In these attacks, cybercriminals target a business’s suppliers or vendors to gain access to its systems. Globally, 62% of all organizations experienced a supply chain attack in 2023, and Kenyan businesses are no exception.

How to Mitigate Supply Chain Risks:

• Vet your suppliers: Conduct thorough due diligence on any third-party providers to ensure they have strong cybersecurity measures in place.
• Implement strong contracts: Include clauses in your contracts with vendors that require them to maintain specific cybersecurity standards and notify you of any breaches.
• Monitor third-party access: Use tools like Okta to manage and monitor any third-party access to your systems.

Conclusion: Cybersecurity is a Priority for Kenyan SMBs

As cyberattacks grow more sophisticated and prevalent, Kenyan SMBs must prioritize cybersecurity as a key part of their business strategy. While budget constraints may seem like a hurdle, there are affordable and practical steps SMBs can take to protect their operations from these common cyber threats.

By educating employees, securing your network, and staying up-to-date on software and security practices, even the smallest business can build a robust defence against cyberattacks. Remember, a proactive approach to cybersecurity today can save your business from costly and damaging attacks tomorrow.

A proactive approach to cybersecurity today can save your business from costly and damaging attacks tomorrow.

Cyber Hygiene Community