Digital space expansion exposes Kenya to increased cyber threats – CA

Major attacks included Malware (33.9m), brute force attacks (34.8m) and web application attacks (4.5m).

by MARTIN MWITA

Business27 March 2025 - 10:00

In Summary

System vulnerabilities during the quarter were 752.4 million while mobile application attacks were 138,175.
DDoS (Distributed Denial of Service) attacks which flood a target with traffic from multiple sources, making it unavailable to legitimate users, were 15.1 million, up from 1.8 million.

Communications Authority Director General David Mugonyi during the 7th EACO regional e-waste awareness conference in Nairobi on March 24 / DOUGLAS OKIDDY

Kenya remains exposed to a wide range of cyber threats as the country expands its digital space, the Communications Authority of Kenya (CA) has cautioned.

This comes even as the regulator continues to implement national cybersecurity policies, and awareness campaigns, providing technical advisories, coordinating incident responses and development of a National Public Key Infrastructure.

The National KE-CIRT/CC detects, prevents and responds to various cyber threats targeted at the country on a 24 hour, seven days a week basis.

Speaking in Nairobi at the 2025 Cyber Security Bootcamp (students track) event, under a CA and Huawei programme, the authority’s director general David Mugonyi said the government and private sector must continue advancing capacities to tackle cyber threats.

“The expansion of the digital space means more attacks,” Mugonyi said.

The bootcamp is a collaboration between CA and Huawei Technologies Kenya which aims to strengthen cybersecurity capacity as a critical pillar in safeguarding the country’s digital economy.

While the demand for cybersecurity expertise continues to rise globally, Kenya faces a significant skills gap in this area, according to CA.

Latest CA data shows that during the second quarter of the 2024-2025 financial year (October-December), the total number of cyber threats detected increased by 27.2 per cent to 840.9million, up from 661.2 million in the July-September quarter.

Major attacks included Malware (33.9 million), brute force attacks (34.8 million) and web application attacks (4.5 million).

System vulnerabilities during the quarter were 752.4 million while mobile application attacks were 138,175.

DDoS (Distributed Denial of Service) attacks which flood a target with traffic from multiple sources, making it unavailable to legitimate users, were 15.1 million, up from 1.8 million.

Most of the web application threats targeted government systems and the ICT sector as attackers sought to obtain user login credentials, as well as exploit vulnerable web browsers and database servers belonging to government and Internet Service Providers (ISPs).