Threat reports, security advisories, blog posts, and whitepapers from Citadel Africa's analyst team — grounded in the Kenyan and East African threat landscape.
An in-depth analysis of the cyber threats facing Kenyan and East African enterprises in 2026. Covers the most active threat actors targeting the region, emerging attack techniques, sector-by-sector risk analysis, and a forward-looking threat outlook — essential reading for CISOs, IT security managers, and risk officers across the continent.
A breakdown of the ransomware groups most active in Kenya, the sectors they are targeting, and the specific attack vectors security teams need to defend against right now.
Read Article →As African enterprises adopt LLM-powered applications, this whitepaper covers the specific attack surface they introduce — from prompt injection to model inversion — and the controls that actually work.
Download Whitepaper →BEC losses in Kenya's financial sector continue to climb. This piece examines the social engineering techniques attackers use, the red flags most staff miss, and the controls that can stop a fraudulent transfer.
Read Article →An anonymised account of a Citadel Africa incident response engagement — from the first call to containment, forensic analysis, and recovery. What worked, what almost didn't, and the lessons learned.
Read Case Study →A practical guide to Kenya's data protection landscape — the obligations that matter most, the enforcement actions that have set precedent, and the security controls that satisfy both the regulator and reduce actual risk.
Read Article →Most organisations have had a pentest that produced a long list of CVEs they couldn't action. This whitepaper explains what a genuine, intelligence-led penetration test looks like — and how to brief and evaluate one.
Download Whitepaper →A focused threat report on the criminal groups targeting Kenya's mobile money ecosystem — how SIM-swap fraud operations work, the scale of the problem, and the defensive measures that financial institutions should be implementing now.
Read Report →The organisations that recover fastest from breaches are not necessarily the most secure — they are the ones that had a plan and a team ready before the attack happened. Here is why retainers exist and what to look for in one.
Read Article →An in-depth analysis of the threat actors targeting Kenyan government institutions, public sector infrastructure, and state-owned enterprises — with actionable intelligence for security and ICT teams.
Notify me when published →Four content formats — each designed for a different audience and purpose.
In-depth intelligence reports on specific threats, threat actors, or the broader East African threat landscape. For CISOs and security managers who need strategic context.
Shorter, practical articles on current threats, security techniques, and industry developments — written for security professionals and technically-minded business leaders.
Deep technical or strategic papers on specific security domains. For practitioners, architects, and procurement teams making informed security investment decisions.
Anonymised accounts of real Citadel Africa engagements — what happened, how we responded, and what the outcome was. Evidence over assertion.
Our threat intelligence team can produce a bespoke sector or organisation-specific threat briefing — going deeper than our public content. Contact us to discuss.