By VINCENT OWINO

More by this Author

The reality of cyberthreat is now dawning on businesses as a sudden spike in hacking incidence rock the globe, forcing increased vigilance in cyber systems, which could lead to increased costs for businesses.

The International Monetary Fund is the latest victim in the new wave of cyberattacks, in which criminals appear to have changed tack and advancing sophistication, making it harder for businesses to thwart cyberthreats.

Last week, the global lender announced that it experienced a cyberattack in February, resulting in 11 of its official email accounts being compromised, exposing it to data leakage and unauthorised access of sensitive internal information.

“The IMF takes prevention of, and defence against, cyber incidents very seriously and, like all organisations, operates under the assumption that cyber incidents will unfortunately occur,” the lender said, but fell short of disclosing the extent of damage caused by the attack.

Read: AI may prevent or worsen hacking incidents

Over in the US, a ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually, caused massive disruptions nearly three weeks after its first attack in February.

Earlier in the year, Kenya Airways (KQ), the region’s largest carrier admitted that it had suffered a ransomware attack, in which cybercriminals gained access to sensitive staff and customer data, and later publishing it on the dark web.

Now, new data from the Communications Authority of Kenya reveals that the KQ attack, which happened on December 31 last year, may not have been an isolated incident as cyberthreats significantly rose around that time.

In the quarter to December last year, cyber threats detected in Kenya increased by 943 percent to 1.3 billion threats, up from just 123 million threats the previous quarter, a sharp spike indicating the growing risk of cyber incidences in Kenya.

The sharpest rise was in attempts to exploit system vulnerabilities, which increased more than tenfold to 1.2 billion detected threats, while others like malware threats, web application attacks, and mobile application attacks more than doubled.

Globally, the trend is not any different. A new report by American cybersecurity firm Crowdstrike, published this month reveals that successful cyberattacks increased by 76 percent globally last year, with at least 36 new cybercriminal groups detected in the period.

The sudden spike in cyber threat has gotten businesses worried, and experts argue it may increase business costs as firms race to seal security vulnerabilities to avoid possible attacks this year.

Read: Cybersecurity: Rise of the enemy within

Multiple surveys of top business leaders in the region and across the globe at the beginning of the year revealed that cybersecurity is a top threat for the executives, toppling other risks which previously troubled firms.

For example, in the Global Risks Report published by the World Economic Forum in January, cybersecurity risk moved up four places to be ranked the fourth most prominent risk for business and world leaders this year, displacing climate change-related risks, cost of living crisis and geopolitical tensions.

The Allianz Risk Barometer, published by the insurer Allianz in February, also showed that businesses, including in East Africa, were increasingly worried about cybercrime this year, while such risks as climate change-related losses lose prominence.

William Makatiani, chief executive of Nairobi-based cybersecurity firm Serianu, says the spike is because cybercriminals have become more sophisticated in their tactics, thanks to new technologies including artificial intelligence.

“The attackers are using the most recent technologies, but most companies have outdated defence systems, making them very vulnerable to threats,” he told The EastAfrican.

Mr Makatiani reckons that institutions such as IMF may invest heavily in up-to-date security systems, attackers are also exploiting staff through ‘social engineering’ techniques, by tricking unsuspecting staff into clicking links that then enable the attackers to access their systems.

“Firms must appreciate the fact that cybercriminals have gotten smarter. They are coming with guns now, you can’t keep fighting them with machetes,” he said, adding that organisations need also to train their staff and create awareness of the growing trend.