Protecting Kenya's Digital Future: A Snapshot of the National KE-CIRT/CC's Q1 2025-2026 Cybersecurity Report

February 7, 2026 • Joseph Kyule

Introduction

As Kenya's digital ecosystem expands, so does the sophistication of threats aiming to undermine it. The National Kenya Computer Incident Response Team - Coordination Centre (National KE-CIRT/CC), housed within the Communications Authority of Kenya, stands as the nation's frontline defense. In the first quarter of 2025-2026 (July to September), their efforts detected a staggering 842 million cyber threat events. This post breaks down the key threats they tackled, the proactive steps taken, and the strategic partnerships shaping a more resilient digital Kenya.

Key Threat Landscape: What Kenya Faced

The cyber threat landscape in Q1 was dynamic and aggressive, with malicious actors employing increasingly complex methods. Here are the primary attack vectors that dominated the period:

  • Ransomware on the Rise: Attacks targeting Critical Information Infrastructure (CII) intensified, with criminals using Ransomware-as-a-Service (RaaS) models enhanced by AI-assisted extortion. These attacks combined data encryption with Distributed Denial-of-Service (DDoS) attacks to pressure victims.
  • Sophisticated Social Engineering: Phishing campaigns became highly personalized, leveraging AI-generated content, voice deepfakes, and targeted Business Email Compromise (BEC) schemes across email, SMS, and voice channels.
  • System Vulnerabilities Exploited: Misconfigurations in cloud services and APIs were a major weak point, while Advanced Persistent Threats (APTs) quietly infiltrated networks for long-term espionage, particularly targeting government and critical systems.
  • Prevalent Attack Methods: Malware and system vulnerability exploits were the most common vectors, followed by significant volumes of web application attacks, brute force attempts, and mobile application threats.

The Response: Advisories and Strategic Actions

In response to the over 842 million detected events, the National KE-CIRT/CC issued a record 19.95 million cyber threat advisories, a 15.53% increase from the previous quarter. These advisories consistently emphasized foundational cybersecurity hygiene:

  • Patching is Paramount: Immediate and regular patching of operating systems, software, and firmware was the top recommendation to close security gaps.
  • Authentication Must Be Strong: Enforcing Multi-Factor Authentication (MFA) and robust password policies across all possible entry points was critical.
  • Defense Needs Layering: Organizations were urged to deploy properly configured network firewalls, antivirus software, and AI-based traffic anomaly detection systems.

For specific threats, tailored advice was given, such as maintaining offline backups for ransomware, applying secure-by-default settings for cloud configurations, and implementing phishing-resistant authentication like passkeys.

Building National Capacity: Training and Collaboration

Recognizing that technology alone isn't enough, the quarter focused heavily on building human and collaborative capacity:

  • Cyber Threat Intelligence (CTI) Training: In partnership with the UK's Foreign, Commonwealth & Development Office (FCDO), a four-day CTI program was held for the National KE-CIRT/CC Cybersecurity Committee (NKCC). It featured hands-on penetration testing labs and a national-level cyber crisis simulation to improve tactical and strategic response coordination.
  • Engaging the Next Generation: The inaugural 2025 Cybersecurity Youth Forum brought together over 100 young people, experts, and policymakers to address misinformation and steer digital curiosity toward innovation, not crime.
  • Professional Skill Development: A two-week Cybersecurity Bootcamp for Professionals with Huawei equipped 52 technical officers with advanced skills in firewall hardening, VPNs, intrusion prevention, and penetration testing.
  • Regional and Sectoral Leadership: The National KE-CIRT/CC hosted benchmarking visits from regulators in Namibia and Malawi and from the Kenyan insurance sector, sharing knowledge and establishing frameworks for cooperation.

Looking Ahead: A Unified Front Against Cybercrime

The report outlines a proactive agenda for the coming months, including hosting the 2025 Annual Cyber Security Conference & FIRST Technical Colloquium in Nairobi this October. This event will further promote the multi-stakeholder cooperation essential for national resilience.

The Bottom Line

The Q1 2025-2026 report paints a clear picture: cyber threats are evolving, but Kenya's strategic defense is evolving faster. Through a combination of massive-scale threat detection, clear public advisories on core security practices, and deep investment in human and collaborative capacity, the National KE-CIRT/CC is working to ensure Kenya's digital society is not only accessible but secure and sustainable for all.

The full report is available at https://www.ca.go.ke/reports-and-studies

*For more information or to report a cyber incident, contact the National KE-CIRT/CC at +254-703-042700, incidents@ke-cirt.go.ke, or visit www.ke-cirt.go.ke.*
