Although Kaspersky’s research shows that the overall number of financial malware attacks in Kenya decreased in the first half of 2021 when compared to the same period in 2020, 29.3 percent of the 7 962 attacks recorded in the country targeted corporate users, which is cause for concern, according to Kaspersky experts.
“As local businesses have continued to adjust to remote work scenarios and the rest of the circumstances surrounding the COVID-19 pandemic, we have continued to witness cybercriminals using this to their advantage, exploiting the situation however they can. When looking at such statistics, we believe it is evident that cybercriminals are more commonly targeting unsuspecting corporate users in Kenya as a way to compromise corporate systems,” says Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa.
Simply put, as more employees labor outside the relative protection of the corporate network, Kenyan businesses have become more vulnerable to financial malware. The normalization of a remote workforce makes securing the personal endpoint devices of individuals who need to access back-end systems to continue performing their job functions all the more important.
In addition to safeguarding these devices, cybersecurity training for employees is a critical component in defending against the growing epidemic of financial malware that targets individual users via phishing techniques.
Continues Opel: “It is especially financial phishing that has become one of the most popular tools used by cybercriminals to make money. It does not require much investment or technical expertise from a hacker and can be propagated quickly. In most cases, successful scammers win access either to the victim’s money or data that can be sold or otherwise monetized. For any business, this points to how important it is to address one of the weakest links in the cybersecurity chain – that of the individual user. It also signifies the importance of remaining vigilant from a cybersecurity perspective, especially during difficult operating conditions.”
Employees should only install software from reputable sources, such as legitimate app stores, according to several best practices. Nonetheless, users must always check the permissions that the app requests. If these permissions do not match the program’s intended role, they must be investigated and brought to the IT administrator’s attention.
To assist protect against a variety of financial cyber risks, both businesses and consumers should install trusted security solutions such as Kaspersky Security Cloud on all devices connected to the Internet. Throughout this, it’s critical to keep all software up to date with the newest security patches and upgrades.
Beyond basic cybersecurity solutions and training, businesses should consider employing anti-advanced persistent threat (APT) and endpoint detection and response (EDR) technology to strengthen their network environment’s defensive posture.
“With the landscape unlikely to change for the foreseeable future, it is best to combine sophisticated cybersecurity solutions with continuously evolving training to keep employees appraised of the latest threats especially when it comes to financial malware,” concludes Opil.