According to PWC Kenya’s 2023 half year cybersecurity report, the first half of 2023 has seen a rise in sophisticated cyberattacks, with cybercriminals exploiting vulnerabilities in new and innovative ways.

Technology developments such as the rise of AI, for example Chat GPT, has made phishing fraud more accessible to criminals and compounded the risks. 22% of the respondents in East Africa reported having encountered instances of cybercrime. They also observed that cyber criminals are becoming more sophisticated and perpetrating fewer but more lucrative cyber-attacks.AI technologies introduced new security and data privacy risks, with organizations facing challenges in reducing data leakage through posting sensitive data on AI systems and staying ahead of AI-based phishing attacks.

Notably, over 16,000 vulnerabilities were discovered in the half year period. Out of this, more than 50% of the reported vulnerabilities were high and medium risk, posing risks such as unauthorized access, denial of service, or manipulation of data.
Ransomware Continues to Plague Organizations: Ransomware attacks have targeted organizations of all sizes and sectors, with criminals adopting double extortion tactics combining encryption with data theft and threats to leak sensitive information.
Also, the second quarter of 2023 saw a surge in meticulously planned and customized DDoS attack initiatives by groups such as REvil, Killnet, and Anonymous Sudan.
The integration of AI technologies introduced new security and data privacy risks, with organizations facing challenges in reducing data leakage through posting sensitive data on AI systems and staying ahead of AI-based phishing attacks.
The report further notes that cloud security challenges intensified. Misconfigurations, inadequate access controls, and weak security hygiene were common themes, while attackers demonstrated advanced understanding of cloud architecture.