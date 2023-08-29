Daily life very nearly came to a grinding halt in Kenya last month with millions of people unable to access the more than 5,000 digitised government services. The broadscale disruption served as a stark reminder of the singular challenge facing governments in Africa that are on their digital transformation journeys: Securing critical infrastructure. Indeed, the number of cyberattacks reported in the country between July and September last year rose by 200 per cent in comparison to the previous quarter.

Microsoft’s latest Cyber Signals report places a spotlight on the critical infrastructure targeted at high profile events, offering clear insight into why government entities are such attractive targets and how threat actors infiltrate essential services.

Based on our learnings and telemetry from delivering cybersecurity support to critical infrastructure facilities during the 2022 Fifa World Cup, it provides a blueprint for governments and organisations looking to mitigate against such threat actors.

Much like global sporting events, government entities are vulnerable to a level of cyber risk that simply does not exist in other environments. News reports from across the world indicate cyberattacks against state and local governments continue to accelerate, with activity targeting critical infrastructure jumping from 20 to 40 per cent of all nation-state attacks.

This is particularly the case in Africa, which records some of the highest incidence of cyberattacks in the world. And in a recent report on Africa’s cybersecurity landscape, Kenya had the highest number of decision makers (82 per cent) in the region indicating that their cybersecurity threats had increased over the past year.

The government — acknowledging the power of digital transformation in realising the country’s potential — has identified cybersecurity as a key building block for success. The government has prepared for cyberattacks with the establishment of the National Cyber Security Authority, and National Computer Incident Response Team and is collaborating with partners on the ongoing implementation of the National Cyber Security Strategy 2022-2027.

How can public sector institutions ensure their cybersecurity systems are able to thwart the heightened level of malicious activity directed their way? Microsoft recommends that agencies first conduct a cyber risk assessment, identifying potential threats specific to their organisation. This assessment should include all contractors and suppliers.

Equally critical is to prioritise the implementation of a comprehensive and multi-layered security framework powered by the cloud. This includes deploying firewalls, intrusion detection and prevention systems, and strong encryption protocols to fortify the network against unauthorised access and data breaches. Regular security audits and vulnerability assessments should also be conducted.

Beyond the security framework itself, user awareness and training programmes are crucial to educate employees about cybersecurity best practices, such as recognising phishing emails, using multifactor authentication or password-less protection, and avoiding suspicious links or downloads.