A total of 37 Government websites were hacked between 2013 and 2016 with 140 such cases being recorded over nearly the same period, an indication that Zimbabwe is ill-prepared to handle threats of cybercrime, according to recent research findings.
Zimbabwe has reportedly suffered a number of cyber security breaches on various institutions, but mostly in Government departments, Parliament said in its recently released policy brief number 8 of 2017.
Despite rapid adoption of information communication technology (ICTs) and mobile penetration, chiefly responsible for internet penetration, the country has not kept pace through policy and legal frameworks to govern the dynamics in this area.
Zimbabwe has witnessed significant growth on internet penetration, with statistics showing a penetration rate of 50 percent by end of 2016, according to the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ).
According to the Zimbabwe Republic Police, as cited by Reserve Bank, the most common types of cybercrime in Zimbabwe is phishing. Banks have also been victims of cybercrime.
The findings of the research say between 2011 and 2015, about 140 cases of cybercrimes were reported and these include phishing (20), credit card fraud (13), identity theft (10), unauthorized access (24), hacking (72), and telecoms piracy (1).
“These statistics are evidence of Zimbabwe’s vulnerability to computer and cybercrimes and thus the pressing need for a legal framework to combat these crimes before they become pervasive.”
The threats posed by cybercrime continue to grow in Zimbabwe, Africa and the rest of the world. It is estimated that cybercrime related crimes costs the world over $400 billion, annually.
In May, 2017 ransomware wannaCry affected 200 000 computers in over 150 countries worldwide. The attack began in Ukraine, and spread to companies in Russia, Western Europe and the US.
In Africa and closer to home, countries such as Zambia and South Africa suffer from cybercrimes, which account for 0,14 percent and 0,16 percent of their Gross Domestic Product, respectively.
As part of efforts to contain the scourge, continentally, there is the African Union Convention on Cybersecurity and Personal Data Protection that seek to harmonize African cyber legislations on electronic commerce, organization, personal data protection, cybersecurity promotion and cybercrime control
Among attacks on Government was the hacking of the Parliament of Zimbabwe website, reportedly done in February 2016 by cyber attackers identifying themselves as Anon plus Anonymous.
Also websites belonging to the ruling ZANU PF Party, State broadcaster Zimbabwe Broadcasting Corporation (ZBC) were reportedly also hacked and shut down by a group named Anonymous Africa, in retaliation over perceived Government blockade of access to instant messenger services WhatsApp on July 7 2016.
Further, the attack on Zimbabwean Government website disrupted the online service of the country’s official portal(zim.gov.zw).
Anonymous has also been conducting Operation OpAfrica, since 2015, which aims to attack government and oil sectors against corruption, child abuse, and child labour in the continent.
In the education sector, the National University of Science and Technology (NUST) and the Harare Institute of Technology (HIT) websites also suffered 5 cyber-attacks on the 21st of June last year.
Challenges of cyber-warfare and cyber security are relatively new issues, and many countries in Africa are unprepared and ill-equipped to address them. The virtual, global and anonymous nature of cyber-conflict creates complex difficulties in formulating counter-attack and deterrence strategies.
To address concerns on growing cyber security threat, Zimbabwe is in the process of crafting new legislation, covering e-commerce, cybercrime and data protection, which are still in draft form.