NAIROBI, Kenya, May 19, 2026/APO Group/ –At AI Everything Kenya x GITEX Kenya, taking place from 19-21 May, global cybersecurity company, Kaspersky (www.Kaspersky.co.za), talks about the current threat landscape in Kenya and the wider East Africa region, warning that the rapid development and adoption of artificial intelligence is creating new opportunities for innovation while simultaneously introducing cyberthreats for businesses and individual users. With risks varying from AI-powered social engineering campaigns and deepfake fraud to “Shadow AI” risks inside organisations, Kaspersky advises organisations to adopt clear policies, cybersecurity controls and employee education to ensure AI technologies are deployed safely and responsibly.

 

“As organisations in Kenya and the wider region accelerate digital transformation, cybersecurity is becoming a board-level priority. We are seeing growing awareness that innovation and security must develop hand in hand. Industry events such as GITEX play an important role in this process by helping businesses better understand both the impressive opportunities AI and digital technologies create, and the precautions needed to manage the evolving cyber risks that come with them,” says Chris Norton, General Manager for Sub-Saharan Africa at Kaspersky.

 

Cyberthreat landscape developments

 

AI risks come amid other cybersecurity challenges of the evolving threat landscape in the region. Kaspersky data demonstrates that in 2025, password stealer attacks increased by 83% year-over-year in Kenya and 56% across Sub-Saharan Africa. Spyware attacks grew by the same figure of 83% in Kenya and 53% regionally, while backdoor attacks rose by 25% in Kenya and 8% across Sub-Saharan Africa. Although exploit attacks showed a slight decline, they remain a major concern due to their mass spread and unauthorised access they open to a users’ systems. Meanwhile, ransomware continues to pose a serious risk to organisations, with 7.62% of organisations in Africa experiencing ransomware detections in 2025.

 

Advanced Persistent Threats (APTs) remain among the most serious risks for enterprises. According to the Kaspersky Security Services Global Report, APT groups were detected and blocked in 21% of customers in 2025 and accounted for 23% of all high-severity incidents. These highly organised groups increasingly combine AI-enhanced techniques with social engineering and targeted intrusion methods to maximise operational effectiveness.

 

Cybersecurity traps of AI

 

According to Kaspersky experts, cybercriminals can use AI across multiple stages of cyberattacks: from preparation and communication to assembling malicious components, probing for vulnerabilities and deploying tools, while simultaneously concealing evidence of AI involvement to complicate investigations and attribution. Malicious actors are also actively distributing malware disguised as AI tools to steal sensitive information from victims.

 

One of the growing cybersecurity issues is the spread of deepfakes and AI-generated fraudulent content. As AI tools become more and more sophisticated, distinguishing authentic material from manipulated ones is becoming more difficult. Kaspersky researchers warn that AI models can also be vulnerable to “unintended memorisation”, where models retain fragments of sensitive information that attackers may later extract. Additional risks include malicious tampering with training datasets, injection of harmful logic into AI software code and exploitation of vulnerabilities within AI-powered systems.

 

The emergence of AI agents, which are systems capable of autonomously taking actions on behalf of users, creates another significant attack surface. According to Kaspersky, these systems can be manipulated through adversarial content or misconfigured autonomy settings, potentially leading to harmful real-world actions.

 

Kaspersky also highlights the growing challenge of “Shadow AI”, where employees use public AI services without oversight from IT departments. This creates uncontrolled data flows and increases the risk of confidential information exposure. A recent Kaspersky study* titled “Cybersecurity in the workplace: Employee knowledge and behaviour” showed that 87.8% of professionals surveyed in Kenya use AI tools for work-related tasks, including text editing, e-mail writing, data analytics and content creation. However, only 35% reported receiving cybersecurity training related to AI use.

 

Essential Actions in the AI-driven IT world

 

Kaspersky recommends organisations to regularly assess AI-related risks and establish comprehensive AI governance policies defining which AI tools are approved and what types of data can be processed. Regular employee training on secure AI usage, recognition of fake AI services, malicious links and prompt injection risks is equally essential.

 

To effectively manage the growing range of cyber risks, organisations should adopt a comprehensive cybersecurity strategy that combines advanced security technologies, reliable threat intelligence, strong internal processes and continuous employee education. Robust cybersecurity solutions, such as the AI-powered Kaspersky SIEM and Kaspersky Next product line, provide real-time protection, threat visibility, investigation and response capabilities.

 

For private users, Kaspersky recommends exercising caution when using AI-powered tools, carefully reviewing privacy settings, verifying the authenticity of AI applications and double-checking information generated by agentic AI systems before making decisions based on automated outputs. The company also advises families to maintain open discussions with children regarding their use of AI technologies and online safety practices.

 

Visit the Kaspersky stand at B10 in Hall 2 at GITEX Kenya to find out more.

 

*The survey was conducted by Toluna research agency at the request of Kaspersky in 2025. The study sample included 2800 online interviews with employees and business owners using computers for work in seven countries: Türkiye, South Africa, Kenya, Pakistan, Egypt, Saudi Arabia, and the UAE.

JOHANNESBURG, South Africa, May 19, 2026/APO Group/ –South Africa’s government has put payroll fraud in its crosshairs. In its latest Budget Review document, the National Treasury prioritises digital payroll systems for state entities, combatting what some outlets have reported as over R4 billion in annual losses through fraudulent payroll payments.

This problem is not limited to the public sector. The Chartered Institute of Payroll Professionals estimates that South African businesses lose around R100 million annually through payroll fraud. Many of the cases involve manual and paper-based payroll systems that are easy to manipulate.

 

The adoption of digital payroll platforms can reduce and catch fraud before it becomes a serious issue. However, going digital is not enough, says Yolande Schoültz, founder of YSchoültz Attorneys and one of SA’s foremost payroll fraud experts.

 

“There is no doubt that digital systems are better than paper-based payroll management. But a digital system only makes it much easier to track down and stop fraud. The organisation must still put the right measures in place, such as approval policies and oversight checks.”

 

Payroll fraud red flags

 

Perpetrators of payroll fraud commit their crimes in several ways. A lone individual might skim money unnoticed by creating ghost employees or redirecting payments. They might collude with former employees, leaving the latter’s details on the system and splitting their salary payments.

 

Whatever the method, the most common aspect of payroll fraud is an administrator operating under little or no oversight, says Schoültz.

 

“There should be a chain of custody, such as someone signing off on salary calculations and doing spot checks to ensure everything is legitimate. But it’s amazing how often, even at large companies, the payroll administrator is working on their own and is the only one with proper access to the payroll system.”

 

Payroll fraud has several red flags, including:

 

• Unapproved bank accounts or changes to banking details.
• Changes to employee, account, or reporting information right before or after a payroll run.
• Excessive overtime, since payroll fraudsters often put in disproportionate hours to maintain control.
• Strange login and backup hours, another attempt to maintain control and avoid scrutiny.
• No system locks during payroll runs that would avoid manipulation of records and calculations.
• Manually feeding calculations into other systems.
• Frequent payment errors.
• Payroll software isolated to one device that only the payroll administrator can access.

 

Individually, some of these warnings can be innocuous. They can be signs of an overworked administrator or lacking workplace strategies. But the presence of several is reason to be concerned, and some (such as changed banking details) are immediate cause for alarm.

 

Preventing payroll fraud with technology

 

Modern payroll platforms help organisations reduce fraud, but only when used correctly and alongside other safeguards.

 

“There is no magical app that just changes how you operate,” says Sandra Crous, managing director of payroll provider Deel Local Payroll. “A nutrition app won’t automatically get you to eat less, and a fitness app won’t suddenly get you to exercise more. You still have to make changes and use the app to reinforce your new behaviours. A payroll platform gives a business the tools to oversee and manage payroll through different layers, but the business must use those tools in accordance with its policies.”

 

Spot checks can quickly reveal issues that require more scrutiny. Payroll platforms support fraud detection and financial diligence in several ways:

 

• System and bank account changes: The platform provides reports and audit trails, and generates custom reports for authorised employees.
• Isolated access: Modern payroll platforms operate as cloud software, accessible to multiple authorised users and devices.
• Single users: Secure accounts that give different people, such as auditors, finance directors, and HR heads, access to dashboards and reports.
• Manual data entry: Payroll platforms integrate with other systems of record, sharing payroll data automatically and leaving no room for interference.
• Obscure payroll information: Employee self-service (ESS) features enable employees to access payslips and other information directly, helping them spot irregularities.

 

An organisation must create oversight through clear policies, spot checks, and leadership oversight. The right payroll platform can even help people with limited payroll knowledge uncover strange behaviours.

 

“You won’t spot payroll fraud if you keep looking for big changes and payments,” says Schoültz. “Most payroll fraudsters siphon money over a long time and across multiple bank accounts, making it harder to detect. That’s much easier with paper-based systems, spreadsheets, and older payroll software. But if you can access regular reports and integrate payroll data with other systems, it becomes much harder for people to commit fraud, and much easier for you to catch them if they do.”