Hello

Your subscription is almost coming to an end. Don’t miss out on the great content on Nation.Africa

Ready to continue your informative journey with us?

Hello

Your premium access has ended, but the best of Nation.Africa is still within reach. Renew now to unlock exclusive stories and in-depth features.

Reclaim your full access. Click below to renew.

Subscribe for a month to get full access

AI: The new arsenal of cybercriminals and what Kenyan businesses can do about it

Photo credit: Kaspersky Africa

By Bethwel Opil

Artificial Intelligence (AI) is becoming one of the most powerful tools in a cybercriminal’s arsenal. What once seemed like a futuristic concept is now a daily reality for cybersecurity teams, especially in fast-growing digital economies like Kenya. As businesses in Kenya rapidly digitise, the evolving cyber threat landscape calls for a more strategic, future-ready response to cybersecurity.

A recent Kaspersky study reveals that 53 percent of cybersecurity professionals in the Middle East, Türkiye, and Africa (META) region believe a majority of cyberattacks on their organisations in the past year involved some form of AI. This should be considered a wake-up call.

How cybercriminals are weaponising AI

AI allows attackers to scale their operations with unprecedented speed, precision, and anonymity. Through machine learning, bad actors can launch highly targeted phishing and social engineering attacks, analysing an employee's digital footprint to craft personalised messages that bypass traditional security filters. Deepfake audio and video impersonations of CEOs or senior executives are now being used in corporate scams, while machine learning enables real-time testing of attack variants to bypass firewalls and antivirus software.

This rise in AI-driven threats means that no organisation is too small to be targeted. AI lowers the cost of launching attacks, allowing cybercriminals to simultaneously target hundreds or thousands of businesses across borders — many of which may lack the defenses or awareness to respond in time.

Why this matters for Kenya

Kenya is considered one of Africa’s most digitally progressive economies, but that digital leadership comes with risks. As more businesses and government services move online, the country becomes a more attractive target for AI-powered cybercrime.

Attacks are growing not only in number but in sophistication. Kaspersky’s research shows that across META, organisations are witnessing a sharp rise in phishing, ransomware, and covert malware installation. Furthermore, 92 percent of IT and Information Security professionals surveyed in the META region expect the use of AI by malicious actors to escalate over the next two years. These will likely include deepfakes, zero-day exploits, and social engineering enhanced by AI.

This trend is mirrored in Kenya’s own cyber threat landscape. As organisations increasingly rely on remote and hybrid work, and as more individuals interact digitally, entry points for cyberattacks multiply. At the same time, local skills shortages in cybersecurity and budget limitations mean that many local companies are underprepared.

The skills gap and infrastructure challenge

While AI brings threats, it also holds potential to defend. In Kaspersky’s global study, 94 percent of all respondents agreed that AI-enhanced cybersecurity tools are essential for proactively identifying and mitigating threats. However, the same study revealed that 50 percent of organisations globally lack sufficient qualified cybersecurity staff, and 39 percent are unable to find suitable candidates.

In Kenya, where the technology sector is booming, the demand for cybersecurity talent is outpacing supply. Small and mid-sized enterprises (SMEs) are particularly vulnerable, lacking both the in-house expertise and resources to deploy the layered defenses needed to counter AI-augmented attacks.

Photo credit: Kaspersky Africa

Building a smarter, AI-aware defence

So, what should local businesses do to protect themselves? The answer lies in building a multi-layered cybersecurity strategy that combines people, processes, and technology — with AI playing a vital role in every layer.

1. Invest in advanced threat detection

AI has become essential for early detection of complex cyber threats. In a region like Kenya, where attacks are becoming more frequent and sophisticated, deploying AI-powered security solutions — such as Kaspersky Next — allows organisations to detect anomalies in real time, spot previously unknown attack patterns, and respond before breaches escalate. These tools use machine learning models trained on vast datasets to constantly improve accuracy.

2. Educate your workforce and close the human gap

Human error remains one of the biggest vulnerabilities in cybersecurity. AI-driven attacks often exploit human weaknesses through techniques like phishing and social engineering. That’s why staff training must be a frontline defence. Kaspersky recommends consistent education programmes using opportunities like the Kaspersky Automated Security Awareness Platform, which adapts to users’ skill levels and reinforces secure behaviours over time.

3. Collaborate and seek support to overcome the talent shortage

The global shortage of qualified cybersecurity professionals is one of the most significant barriers to building AI-resilient defences. To bridge this gap, the value of external partnerships, managed security services, and collaboration with trusted vendors, cannot be ignored. For SMEs and resource-constrained businesses in Kenya, this approach can offer access to advanced technologies and expertise without the overhead of building internal teams.

4. Align with regulations and adopt adaptive strategies

Cybersecurity has become a regulatory priority. Organisations must view cybersecurity through a strategic lens, aligning with emerging regulations and embedding cyber resilience into business continuity planning. For senior decision-makers, this means staying informed about evolving compliance requirements and building flexible defences that can adapt to AI-powered attack vectors, supply chain vulnerabilities, and operational disruptions. AI can support this adaptability by automating threat analysis, accelerating incident response, and generating actionable insights for executive decision-makers.

5. Use AI defensively, not just reactively

Finally, businesses must recognise that AI can also be used as a powerful defensive measure. It is important to use AI to combat AI, applying automation to analyse threat intelligence, simulate attack scenarios, and harden critical infrastructure. By leveraging AI in predictive analytics and behavioural modelling, organisations can anticipate risks before they materialise. This proactive mind-set is essential for building cyber maturity in an era where cybercriminals no longer act alone. They act with algorithms.

The path forward

AI may be amplifying threats, but it is also one of the most powerful tools we have to future-proof cybersecurity. Rather than fear its capabilities, businesses should harness AI to enhance their defence strategies, improve efficiency, and stay ahead of an increasingly complex threat landscape.

Kaspersky’s global research reveals a consensus among security professionals: AI is no longer optional. Nearly all respondents (94 percent) believe AI-driven tools are essential for proactive threat detection and response. While the research shows that only 27 percent already use AI-based tools, as many as 46 percent are implementing this type of solution right now, and a further 23 percent are actively engaged in reaching the implementation stage. AI enables organisations to automate threat detection, streamline incident response, and generate actionable insights faster than human analysts alone.

This does not mean replacing people. Rather, AI and human intelligence must work hand in hand. AI is most effective when supported by skilled professionals, strong governance, and ethical oversight. For Kenya, this presents a dual opportunity: To invest in next-generation technologies and simultaneously nurture a local cybersecurity talent pipeline capable of managing and adapting these solutions to African contexts.

Moreover, AI empowers defenders to shift from reactive to proactive security. Through behavioural analysis, anomaly detection, and predictive modelling, AI can anticipate threats before they cause harm — a crucial capability in a region where infrastructure gaps and resource constraints often delay response times. Local businesses that adopt AI not only strengthen their security but also position themselves to compete more effectively in an increasingly digital economy.

Finally, organisations must collaborate with trusted cybersecurity partners who can provide AI expertise, training, and infrastructure support, especially for small and mid-sized enterprises. With the right combination of tools, skills, and partnerships, businesses in Kenya can build resilient, AI-aware environments that are prepared not only for today’s cyberthreats, but also for the evolving challenges of tomorrow.

To learn more about how Kaspersky can support your business with AI-enhanced cybersecurity solutions, visit www.kaspersky.co.za or explore our latest global research on the intersection of AI and digital defence.

____________________

Bethwel Opil is the Enterprise Client Lead, Kaspersky Africa