Chairman of Zimbabwe Institute of Engineers Jacob Mutisi and President Internet Society of Zimbabwe Jasper Mangwana who recently shared notes with TechnoMag on Domain Name Systems yesterday joined Zimbabwe Content Creators for a Zoom meeting that discussed issues of Website and Digital Security Essentials.
Zimbabwe’s national security is under threat from a plethora of cyber crimes that are causing havoc across the world.
Urgent action is actually required because the country is vulnerable to online crimes.
Co Moderator Sizani Weza from the US EMBASSY was mesmerised by the quality of experts on the panel that he summed it all up saying ” we have actually come a long way..the quality of content..the techniques of journalism..and other tools that journalists are using..this topic here we don’t have enough time..”
He continued ”Toneo we were talking about face to face over drinks..its one topic we must come back to again..i didn’t get enough..i am dying for more information…the global landscape..the amount of money that it costs there is hundreds of millions DIGITAL INSECURITIES RUNS INTO MILLIONS OF DOLLARS..Jacob brought technical aspects of digital…its not only the software but human-ware…”
”…the vulnerability are the technical aspects..we really appreciate ..i think ifor academic purposes i brought my son a phone..i will use it as a parental control for my grade 7 son….going foward..thanks to our facilitators Zocc, Toneo always excellent in this fora…looking foward to meeting all of you in person…”
So website and digital security essentials are a necessity even for our school going children and if there is any risk it can affect our children hence the utmost importance to secure our systems more so for our offspring.
The ongoing debate on the draft Cyber Security and Data Protection Bill should be undertaken honestly and objectively. Partisan inclinations and polarisation should not stop people from objectively debating such an important piece of legislation.
Cade Zvavanjanja Cyber Security and Forensics at Bakers Tilly said ”..people love content. because people love content people click click click..once you click everything that comes on your whatsapp email you are bound to click fake stuff…the issues of techno-graphy…somebody can send you a picture of somebody…once you click that..it corrupts your phone and systems..there is very cheap fire ware there…”
Toneo Rutsito the Acting President of Zocc asked experts the following question ” a very serious issue that has led to people losing critical things…fear that has been …your how easy is it from a spyware perspective..how easy is it for government to spy on you..without human interference..how easy is that…is that even physically possible without physically installing anything in your device…can we have mobile operator do that…”
President of the Internet Society of Zimbabwe Mr Jasper Mangwana answered saying ”someone calls you on whatsap…that is also an issue..but if you look at Zimbabwe, we have the law before parliament..on data protection…no one else can access…if you are operating a mobile device…some of these in terms vulnerability ..its a better secure platform..over and above that inZimbabwe..Engineer Jacob said the government needs to up its game..”
”the systems that they have they can be cloned..”
Chairman of Zimbabwe institute of Engineers Jacob Mutisi said” its something that is common remember the case of the journalist called koshogi and the Saudi Arabia embassy..how did they know that he was now in the embassy…its a typical example…its called remote access trojan..if you look at the history of it ..it was started way back…the software can get it online..”
So indeed government can abuse cyber if they are an oppressive government as in the Saudi example.
” you get emails that say you have received an invoice..as you are clicking it you are opening software embedded on it..you are now activating it…”
”They can go pull that from the internet
At the moment, Zimbabwe needs a comprehensive national legislation against cybercrime.
Such legislation should adopt international best practices as outlined in both the Budapest Convention and the Malabo African Union Convention on Cyber Security and Personal Data Protection.
The world is under siege from the proliferation of cyber crimes that range from attacks against computer hardware and software; financial crimes such as online fraud; penetration of online financial services and phishing; and heinous child sexual exploitation related crimes.
This is not to mention millions of data records being stolen through cyber-attacks.
In other words, what is being said here is that crime on digital platforms is growing at alarming rates as more and more criminals are making use of the speed, convenience and anonymity of the cyber space to commit various crimes across borders.
The Budapest Convention, the Malabo Convention and the Zimbabwe Bill on cyber crimes are some of the efforts meant to criminalise conduct that include illegal accessing of the whole or any part of a computer system without right; illegal interception of computer data; data interference; system interference; misuse of devices; fraud and forgery; offences related to child pornography; offences related to infringements of copyright and related rights.
The impact of cyber crimes is enormous, thus, the reader may not need to be burdened by statistics. Suffice to say millions of records have been stolen through cyber-attacks.
Several trillions of dollars (US$4,2 billion in 2019 and to US$10,5 trillion by 2025) are to be lost annually through cybercrimes.
Our children’s future has been destroyed by child sexual exploitation happening online.
This year alone, the 2021 Report on Cyber warfare in the C-Suite predicts that cybercrime damages will amount to a staggering US$6 trillion annually.
The world is also expected to witness a sharp rise from the total cost of cybercrime for each company, which reached US$13 million in 2019.
These are scary figures, which spell doom for the world if urgent action is not taken.
It is believed that this is the best way the world can help address the current situation before it degenerates into a worst case scenario.
Just like Covid-19, the global effort against cybercrime depends on actions taken by every country.
Without collaboration, it is difficult to tackle cyber crimes as many of them know no borders.
Collaboration is needed because the nature of the problem demands it.
It is important to note that the number of cyber-attacks is rapidly increasing with higher levels of sophistication and new paradigms that enlarge the surface of attack.
As a result, the world has witnessed more dangerous criminal syndicates, state sponsored hackers; convergence between cybercrime and state-sponsored hacking; proliferation of government-built malware and cyber weapons; cyberbullying and child sexual exploitation, which keep on rising at alarming rates.
What is now needed is that the law on cybersecurity is finalised with speed, adopting from international or regional best practices.
On the international front, the Budapest Convention is a comprehensive model law that can be used to support countries to strengthen their criminal justice capacities on cybercrime and electronic evidence.
The Convention forms the basis on which states can utilise to promote consistent cybercrime legislation, policies and strategies as stand-alone and as part of broader cybersecurity.
Furthermore, the Budapest Convention is the best piece of law that can be used to strengthen the capacity of Zimbabwe’s police authorities to investigate cybercrime and engage in effective police-to-police cooperation with each other, as well as with cybercrime units in the region and the whole world.
Without international cooperation, smaller states like Zimbabwe will not be able to effectively fight cybercrime.
A good example is Article 19 of the Budapest Convention on production order, which compels a service provider offering its services in the territory of the party to submit subscriber information relating to such services.
Belgium was able to utilise this Article to order Yahoo to release the information.
This empowers law enforcement agencies to order provision of data in the prosecution of crime irrespective of where that data is kept.
Unlike the regional Malabo Convention, the Budapest Convention is comprehensive, for it outlines in detail the conduct being criminalised and procedural tools that should be used.
It is also a framework for international cooperation.
In other words, the Budapest Convention allows criminal justice authorities to apply legislation, prosecute and adjudicate cases of cybercrime and electronic evidence, as well as engage in international cooperation.
However, this does not mean that the Malabo Convention is not significant. The two complement each other.
The Malabo Convention provides a strong starting point from the regional perspective, which should then lead to international cooperation through the Budapest Convention.
The Budapest Convention has the advantage of being the only binding international instrument on cyber crimes that serves as a guideline for any country developing comprehensive national legislation against cybercrime.
It functions as a framework for international cooperation between state Parties to the treaty. It can be moulded to match individual circumstances by member countries in the fight against cyber crimes.
Though not a member, Zimbabwe has done well in borrowing some aspects from both the Budapest and Malabo Conventions, for its Cyber Bill has progressive clauses that strengthen data protection, consolidate cyber-related offences and promote technology for businesses to flourish.
Therefore, Zimbabwe should consider joining the Budapest Convention to enhance cooperation on cybercrime.
As the country develops its legislation on cybercrime, it should also guard against over-criminalisation and unnecessary infringement of the fundamental human rights as provided for in the Constitution.
Individual rights should always be protected.
Cyber Security and Forensics at Baker Tilly MD Cade Zvavanjanja summed it all up saying ”A fine balance between rights and the need for encroaching should be established. Otherwise, unnecessary controversial clauses usually discredit legitimate action against cybercrime.”’
”You are not creating a culture of cyber security within your company.”
”Once you start to do your content creating..there is terms and conditions..laws ..whats acceptable and not acceptable..”
”,..breaking the laws of that country when your content is pulled down…that content is pulled down…culturally nudity is acceptable elsewhere but not here…policy’s and procedures internally and externally to safeguard confidentiality of data within your organisation of content creators…lastly the national laws that are governing….cyber security if its just an expenditure and not giving you an investment becomes a problem…each and everything you are putting there must make you money..if its not viable your service is not viable..dont just do cyber security as a copy and paste…from there you are able to put in mechanisms to secure your content and your money..”
”way foward as Zocc and independent creators… make sure within the next 6 months carry out…your content…what happened if this happens..how do we secure our content…that drill will help you in terms of confidentiality..”
”check your systems..how vulnerable…there is no system that is 100% secure..the only system 100% secure is one not functional..”
”so you need to know your content…from an industry perspective…what is the critical infrastructure to consider operating..”
”share threats as a community on its own..participate on legislation not just from a reporting perspective but from a stakeholders perspective..”
”you will not be able to cover the full scope of cyber security…mobile security is a domain on its own…acquaint you-self with the experts..create a cyber security culture..”
”phone cloning one of the easiest ways is malware software..”
”the hardware and software becomes vulnerable and when it becomes vulnerable…”
”..once they are able.people love content. because people love content people click click click..once you click everything that comes on your whatsapp email you are bound to click fake stuff…the issues of techno-graphy…somebody can send you a picture of somebody…once you click that..it corrupts your phone and systems..there is very cheap fire ware there…”