The appointment of a
fully-fledged Minister of Cyber Security, Threat Detection and Mitigation has
been met with a lot of scepticism. This has been mainly driven by the perceived
duplication of responsibilities among ministries, and also by the lack of
public understanding of the real threat cybercrime poses. Such a perception threatens
to downplay one of the fastest growing threats to technological development,
not only affecting Zimbabwe but globally.
This has not been helped by the
fact that this appointment was made following the tabling of the Cybercrime and
Cybersecurity Bill (2017) which addresses the associated issues whilst allocating
the responsibilities to the already existing Ministry of ICT. Several
announcements by senior government officials relating to the use and perceived
abuse of social media have also raised fears about what the new ministry will
mean for civil liberties; especially those related to freedom of speech but most
crucially, also adversely masking the real threat posed by cybercrime. It is
indeed unfortunate that the general message coming from the government and the
minister himself has an over-emphasis on stopping social media political
activism at the expense of real cybercrime. Issues surrounding cybercrime and
cybersecurity should not be trivialised by the government’s perceived motive or
the reaction of the media and social commentators.
Cybercrime includes a broad range
of illegal activities committed by means of a computer system or network. Unfortunately,
most cybercrime exploits the poor knowledge and lax security habits of the
general public. Cybercrime is no longer confined to fake e-mails “from the son
of a dead African King”, but has become much more sophisticated and threatens
to derail the economic benefits being achieved through technological
advancements. It is the duty of the government to dispel the public perception,
and convince the populace that this ministry was not created to instil fear on
social media users, but rather to deal with the ever-growing threat from cybercrime.
For the country to be adequately protected there needs to be more public sensitisation,
education and training to increase awareness of the threats.
The general public is familiar
with the usual physical burglary and theft, but the nature of cybercrime is
such that the majority of people and businesses will not necessarily realise
when digital burglary has taken place. Even though cyber-crime comes in
different forms; it can be categorised into attacks against individuals,
companies/organisations or other countries.
Personal crimes mainly involve
identity-theft related scams in which personal details are stolen. A number of
illegal/criminal activities can be perpetrated by an individual using the
stolen identity. Besides financial fraud (for example using your ID to obtain a
loan in your name), identity thieves commit crimes, such as drug-trafficking, smuggling
and terrorism, among many other criminal activities whilst posing as other
people.
A range of scams targeting
individuals have been identified, with Zimbabwe having its fair share. A
number
of people can testify to being lured online into depositing money to buy goods
such as cars, clothing, groceries or services such as shipping, with companies
and individuals disappearing from the cyber-world after collecting the money.
There have also been reports of individuals lured into depositing money to
secure non-existent job opportunities among other scams.
Attacks against organisations are
becoming common and have recently manifested themselves in the form of Ransomware.
This is comparable to real life kidnapping experiences, whereby criminals
demand money for the return of kidnapped persons or seized precious items. In
the cybercrime world the criminals use a malware or a “dangerous” computer
programme to prevent or limit the usage of company services, stopping users
from accessing the system/services unless a ransom is paid. Imagine an attack
on the EcoCash mobile banking system which disables all associated services
such as mobile money transfers even just for a day or disrupts/cuts off Econet,
Telecel or TelOne mobile communication! The disruption that can occur and the
damage to the economy could be quite substantial! The outcry that accompanied
the disruption of WhatsApp services for a few hours last year around the world is
a taster of the potential effect of cybercrime on everyday life.
In Zimbabwe, there have been
reports of malware attacks on educational institutions and companies’ websites;
with the Herald, the government, NUST and the Harare Institute of Technology reportedly
affected, reflecting the reality of the threat on Zimbabwe’s doorstep.
Companies and banking systems have also been subject to hacking (illegal
penetration and use of computer systems) thus being defrauded by individuals of
large amounts of money. The case of a Chitungwiza man who hacked OK Zimbabwe’s
Money Wave System before stealing $70 000 reported widely, is a typical example
of such cybercrime activities.
Another form of attack is one organised
by a state against another state's institutions or infrastructure; a form of
cyber-warfare. This involves one nation penetrating another nation's computers
or networks for the purposes of causing damage, disruption or to obtain
sensitive security information. In these types of attacks, one nation attempts
to disrupt the activities of organizations or other nations for strategic or
military purposes and cyber-espionage. Attacks may also be carried out by terrorist
groups. Increasingly, cybercriminals are attacking governments through their critical
infrastructure, including transportation systems, banking systems, power grids,
hospitals and critical manufacturing.
Numerous incidents of
cyber-warfare have been reported, for example, in March 2014; the Russian
government allegedly disrupted the internet in Ukraine, enabling pro-Russian
rebels to take control of Crimea. North Korea was blamed for the 2014
cyberattack on Sony Pictures after they released the film “The Interview”,
which depicted the North Korean leader Kim Jong-un in what the country regarded
as negative light. In December 2016, Ukraine experienced a blackout as a result
of cyber-attacks on electric power distribution companies. Most recently, and
still ongoing are allegations of Russian interference in the USA elections
through cyber activities. The WikiLeaks case which also affected Zimbabwe is a
typical highlight of another form of cyber-espionage. These incidents have
brought into light, situations which used to be viewed as science fiction!
Social media remains a favoured
target of scammers, as criminals seek to leverage the trust people have in
their own social circles. Social media is quickly becoming a daily part of life
in Zimbabwe; following a global trend. In social media generated cyber-crimes,
criminals take advantage of the sharing facilities and present fake products,
video links and “like” buttons which they use to spread their scams. Users are
also lured into clicking fake website buttons that install malware with some
posting updates on a user’s newsfeed, spreading the attack.
Terror groups have also been
taking advantage of social media to further their goals and spread their
message presenting governments with another frontier for cybersecurity.
Investigations into attacks such as that of the Kenya Westgate Mall have
revealed the use of social media and computer networks in planning and
co-ordinating the attacks.
Cyber criminals continue to take
advantage of vulnerabilities in poorly secured legitimate websites to infect
users. Cyber criminals exploit the design weakness to gain access and
manipulate these sites for their own purposes. For instance, cyber criminals
can penetrate websites and acquire user data, compromising visitors to the
affected websites. Attacks on websites and replacing contents are also common,
with some websites content replaced by for example, extremist material or
pornography.
To safeguard the country against
cyber-crime, it is vital to promote the culture of cybersecurity among
stakeholders, notably government, companies and cooperatives, civil society
organisations and international organisations operating in the country to
develop, manage and use information systems. It is important to engage
industry, the civil society, and academia in the promotion and enhancement of a
culture of cybersecurity. The government must also, on its part, mobilise
resources to develop cyber security skills.
The government has to sensitise
and provide education and training to the public. Law enforcement powers must be
trained so that they execute their cybersecurity duties whilst maintaining the
rule of law and meeting human rights requirements. Conditions and safeguards
limiting law enforcement powers should be established. Since cybercrime is borderless;
the Zimbabwe laws must be compatible with the laws of other countries to permit
international cooperation. It should avoid over-criminalisation of social
media-content, if it is to stop the stigmatisation associated with the newly
created ministry.
The government must ensure that
critical information infrastructure is protected, to safeguard data and
sensitive information. Data protection legislation should be put in place to
safeguard the general public (critical with the ongoing biometric electoral
registration which acquires sensitive individual data such as fingerprints; taking
place).
Zimbabwe like other nations has
been experiencing various types of cybercrimes including credit card theft,
hacking, identity theft, phishing, unauthorised access according to police reports,
but these have not received publicity in contrast with social media activism. One
of the biggest impediments in advancing cyber security readiness is changing of
mindsets to raise awareness about the potential risks of cybercrime; and
publicity of ongoing cyber-crimes can go a long way in achieving this. All
national stakeholders and citizens must work together in order to change the
mindset and public perception of matters relating to cybersecurity.
Cybercrime not only derails the
technological advancements but is an attack on economic, social and political
advancement of societies. It is
therefore important for the new ministry to create greater awareness and
capacity building programs to facilitate cyber resilience in the future whilst
ensuring good governance and respect of human rights.
Note: Cybersecurity was rightly incorporated into the Ministry of ICT (and Cybersecurity) - After this article was written ...not because of this article.
No comments:
Post a Comment