Threat
Landscape
Kenya Cyber Security Report 2015
Top Cyber Security
Issues in 2015
Data Exfiltration
Organisations have lost control over sensitive
and protected data.
Cyber Criminals and trusted employees are
exfiltrating hundreds of gigabytes of sensitive
data from organisations daily. The increased
use of unauthorized cloud applications and
the uncontrolled adoption of BYOD has
weakened access controls, giving users a
complete access to large volumes of
sensitive or classified data.
1
Social Engineering
Database Breaches
Organisations are defenseless against
social engineering.
Organisations across all industries in
Kenya are continuously reporting an
increase in a variety of technologically
sophisticated social engineering attacks.
This is a clear indication of the
popularity of these attacks and the
inability of organisations stop them.
Organisations are carelessly exposing their
crown jewels.
As many organisations implement enterprise
applications, the need for databases has
grown. Databases play an extremely important
role in many organisations' environment.
Despite this importance, organisations are not
adequately addressing database related risks.
2
3
Insider Threats
The enemy within is still alive and kicking.
Our research indicates that over 80% of system
related fraud and theft in 2015 was
perpetrated by employees and other insiders.
We are coming across numerous cases of
privileged users probing systems for
unauthorized access and attacking systems
for a variety of reasons including
disgruntlement, revenge, and financial gain.
VPM
4
5
Poor Identity and
Access Management
Uncontrolled identities and
access control are exposing
organisations.
Identity and access
management processes and
technologies are not well
adopted in most local
organisations. Leading to
unauthorised and inappropriate
access to highly sensitive
information.
12