Increased uptake of smartphones in digitisation drive raises cybersecurity threats

The transition from using a feature phone — commonly known in Kenya as 'kabambe' or 'mulika mwizi' — to a smartphone, often presents significant challenges for low-end users, mostly in rural settings, particularly when it comes to navigating the complexities of a new user interface.

Issues of cost, limited internet connectivity and digital literacy are other prevalent constraints to the shift.

However, the often overlooked security concern that comes with the digitisation drive is proving to be the new big worry for the fast-moving shift.

A spot check by The Eastleigh Voice established that a majority of households in the city have completely done away with the use of feature phones.

Four out of five respondents who spoke to The Eastleigh Voice in Kasarani-Mwiki area, for instance, noted that their entire households are fully smartphone equipped, some citing not less than three years back as the last time they used a feature phone.

"I can't remember the last time anyone in my house or I used a 'mulika mwizi'. It's a thing of the past," said one of the respondents who identified herself as Jane.

Jane's and the other three respondents' stories could also reflect the story in many other households across the country, most especially in outlying counties, which are the main targets of the digitisation movement.

This is mirrored by the latest Q4 sector statistics report by the Communications Authority of Kenya (CA), which says the country is witnessing an increased uptake of digital services, pictured by the growth in mobile and internet penetration in the three months to June this year.

It, however, concurs that the prospect brings about increased incidence in the national cyber security landscape.

The report shows as of June 30, 2024, the total fixed data/internet subscriptions experienced growth driven by increasing uptake and reliance on digital platforms for work, education, healthcare and entertainment.

This along with attractive tariffs and special offers from service providers.

"The total fixed internet subscriptions grew by 7.4 per cent to reach 1.5 million. Satellite subscriptions recorded a significant growth of 73.1 per cent in Q4, and a 1,955.3 per cent growth in the 2023/24 financial year," the Q4 sector statistics report reads.

Satellite subscriptions

Growth in satellite subscriptions is attributed to the licensing and subsequent launch of Starlink internet services in Kenya earlier in the financial year.

On the other hand, the report notes that in the period under review, the total number of mobile phone devices connected to mobile networks stood at 66.1 million, with a penetration rate of 128.3 per cent.

Notably, the number of smartphones grew by 14.3 per cent to 35.2 million as of June 2024, from 30.8 million in the same period last year.

Consequently, the number of feature phones decreased by four per cent from 32.1 million in June last year to 30.9 million in the period under review, giving a sneak peek into the transition.

The penetration rates for smartphones and feature phones were 68.3 and 59.9 per cent, respectively.

As a result, CA says the increased digitisation is proportionately increasing the incidence of cyber attacks in the country.

"The total cyber threats detected in the quarter under review rose by 16.5 per cent from 971.4 million reported in the previous quarter to 1.1 billion," reads the report.

This is as gangs are reportedly becoming smarter, taking less than a week to execute a cyber attack while targeting the ever-growing digital market.

A study conducted by the international lobby group, World Economic Forum (WEF), early this year revealed that the average number of days taken by cyber criminals to execute a single attack has moved from around 60 days in 2019 to four today.

Artificial intelligence

The lobby attributed the development to the fast-growing artificial intelligence (AI), which is potentially increasing the number and frequency of attacks.

"Threat actors are already using AI-powered language models like ChatGPT to write code. Generative AI is also helping the less proficient threat actors create new strains and variations of existing ransomware, increasing the number of attacks they can execute," the lobby said.

"We, therefore, expect an increased utilisation of AI by malicious actors in the future, necessitating even stronger cybersecurity measures."

The lobby also reiterated the concern over the increasing number of people owning smartphones, tablets and laptops, terming it an attractive combination for cybercriminals.

During the Covid-19 pandemic period, many organisations enabled new ways of accessing their corporate network via private devices, without the need for multi-factor authentication, a move the lobby says resulted in several successful cyberattacks.

"Criminals are now targeting mobile devices with specific malware to gain remote access, steal login credentials, or to deploy ransomware," WEF says.

It adds that personal devices tend to have less stringent security measures, and utilising public Wi-Fi on such devices can increase their vulnerability, including exposure to phishing attacks via social media.

Phishing is a type of cybercrime that involves tricking people into giving away sensitive information or installing malware.

WEF further cautions that the 5G technology rollout is also an area of potential concern if not managed appropriately, given it will power even more connected devices, including sophisticated applications, from driverless cars to smart cities.