Kenya Cyber Security Report 2015
Further, all the organisations in the study were exposed to malicious software that had penetrated the organisations' perimeter security. Out of 300,000 security alerts, 68% were customized malware, 28% were trojans and 10% were backdoors. Customized malware is malicious code that has not yet been seen by the internet security community.

How do you determine an infected organisation?

Normally, when a computer/host has been infected with malware, the malware will eventually start to call a remote server and wait for a response. These servers are also known as Command and Control servers (CnC). The attacker can connect to the compromised host via the CnC server and provide further instructions in order to conduct a targeted attack on the inside of the organisation's network.

The main finding of the study is that all organisations in the scope of the study are already breached. It means that organisations in Kenya cannot trust that their information assets are secured.

According to this study, a typical Kenyan organisation is generating thousands of security incidents in a day, with the most active organisation generating around 10,000 security incidents per day. We have also discovered that organisations were averaging 2 infected infrastructure hosts (servers), 15 infected end user computers and 30 unauthorized remote connections per day.

Such figures illustrate how discouraging it is for Kenyan organisations to manually manage alerts in order to differentiate a real and present threat. There is a lot of malicious zero-day traffic that is impossible to detect using traditional information security solutions. In addition to this advanced threat, there is also known malicious traffic that should not exist if already installed solutions worked properly. It also sheds light on why recent high profile attacks at organisations, like the Sony attack, were undetected for so long, since alerts don't equal infections. The only way to determine if an organisation has been compromised is to correlate logged activities, which takes far too much time and man hours.

Organisations should investigate whether their protection mechanisms are sufficient in today's interconnected world where attacks are growing in complexity.
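The "call home and wait" behaviour described above leaves a regular pattern in egress logs, and correlating those logs is the check the report says is needed. The script below is an added example, not part of the report; the log format, host names and destination are constructed, and the jitter threshold is an assumption to tune per environment.

```python
"""Flag internal hosts whose outbound connections to one destination recur
at a near-constant interval, the beaconing pattern of malware waiting on a
CnC server. Log lines are constructed for this example, not real data."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed egress log: "<ISO timestamp> <internal host> <destination>"
SAMPLE_LOG = """\
2015-03-02T08:00:00 ws-17 203.0.113.10
2015-03-02T08:00:05 ws-17 www.example.org
2015-03-02T08:10:01 ws-17 203.0.113.10
2015-03-02T08:20:00 ws-17 203.0.113.10
2015-03-02T08:21:40 ws-04 www.example.org
2015-03-02T08:30:02 ws-17 203.0.113.10
2015-03-02T08:40:00 ws-17 203.0.113.10
2015-03-02T08:47:13 ws-04 www.example.org
2015-03-02T09:02:55 ws-04 www.example.org
2015-03-02T09:05:09 ws-04 www.example.org
"""

def parse_log(text):
    """Return {(host, destination): [timestamps]} from the log text."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst = line.split()
        flows[(host, dst)].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(flows, min_hits=4, max_jitter=0.1):
    """Return (host, destination, mean gap in seconds) for flows whose
    inter-connection gaps are nearly constant. Beacons add some jitter, so
    max_jitter is the tolerated coefficient of variation (stdev / mean);
    irregular human browsing to the same site fails this test."""
    beacons = []
    for (host, dst), times in flows.items():
        if len(times) < min_hits:          # too few samples to judge rhythm
            continue
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((host, dst, round(avg)))
    return beacons

if __name__ == "__main__":
    for host, dst, interval in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{host} -> {dst} every ~{interval}s: investigate this host")
```

On the constructed log only ws-17's ten-minute rhythm to 203.0.113.10 is reported; ws-04's irregular visits to www.example.org are not.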