As the cybersecurity landscape continues to witness unprecedented challenges, the number of cyber attacks is on the decline with criminals perpetrating fewer targets, consulting firm PwC now says.
However, the firm says criminals have instead become increasingly sophisticated and exploiting vulnerabilities in new and innovative ways, a move businesses should be wary about.
“Respondents from East Africa have observed that cybercriminals are becoming more sophisticated and perpetrating fewer but more lucrative cyber-attacks,” PwC says.
“This is on the back of technology developments such as the rise of AI, for example, Chat GPT, which has made phishing fraud more accessible to criminals and compounded the risks.”
Online threats in the country have recorded some slight decline in the recent past, with the latest report from the Communications Authority of Kenya (CA), showing the numbers declined by 25.6 per cent to 139.8 million for the three-month period to June this year.
This is from 187.8 million recorded in the previous quarter.
Although the regulator did not specify the main contributing factor to the decline, the report highlighted a significant increase in the number of Cyber threat advisories, a countermeasure, in the period under review.
PwC’s survey shows 22 per cent of the respondents reported having encountered instances of cybercrime during the first half of this year.
It says over 16,000 vulnerabilities were discovered.
“About 50 per cent of the vulnerabilities reported were high and medium risk vulnerabilities. They presented risks such as unauthorized access, denial of service, or manipulation of data within the affected systems,” the report reads.
On the other hand, cloud security challenges intensified, as challenges associated with securing cloud environments grew.
Misconfigurations, inadequate access controls and weak security hygiene were the common themes with attackers demonstrating an advanced understanding of cloud architecture through the different attacks reported.
Ransomware also continues to plague organisations. The firm says the attacks remained a prominent threat, targeting organisations of all sizes and across various sectors.
Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or permanently block access to it unless a ransom is paid off.
In this regard, PwC says cybercriminals adopted double extortion tactics, combining encryption with data theft and subsequent threats to leak sensitive information, resulting in substantial financial losses and reputational damage for victims.
Nevertheless, the integration of AI technologies introduced new security and data privacy risks, the firm says in part.
It says organisations face the challenge of reducing data leakage through posting sensitive data on AI systems and staying ahead of AI-based phishing attacks.
PwC, therefore, calls for organisations to prioritise comprehensive security measures, including robust incident response capabilities, supply chain risk management, cloud security practices and privacy compliance.
“By adopting a proactive and collaborative approach, organisations can navigate the dynamic threat landscape, enhance their cybersecurity posture, and safeguard their critical assets in the face of emerging cyber threats.”
Source: The Star