Professional Documents
Culture Documents
The Effectiveness of Cyber Security Fram
The Effectiveness of Cyber Security Fram
ABSTRACT
This study investigated the effectiveness of Zimbabwe’s cyber security frameworks in combating
terrorism. Media reports and scholarly evidence have constantly shown that cybercrime has led to loss of
life, money, security, damage to property. There is a lot of concern among citizens of African countries
such as Zimbabwe, Kenya, and Nigeria that their governments are not equipped with effective cyber
security systems to combat these cyber threats. It is on the basis of these concerns that this study was
carried out with the hope of helping to close policy and knowledge gaps affecting the effectiveness of the
cyber security frameworks of Zimbabwe. The study used qualitative methodology and a case study
research design was utilised. The study was conducted in Harare the capital city of Zimbabwe. Key
informant interviews and documentary search were used to collect data. Among the findings of the study
were that cyber fraud and theft are some of the significant cyber security threats in Zimbabwe; that
Zimbabwe lacks established legislation and other regulatory institutions for cyber-security. Among the
recommendations are; that the Ministry of Justice, Legal and Parliamentary Affairs enacts cyber security
laws in Zimbabwe to combat cyber terrorism.
KEywoRdS
Cyber Criminals, Cyber Security, Cyber Terrorism, Zimbabwe
INTRodUCTIoN
There has been a paradoxical increase of cyber security threats that have accompanied the
improvement, usefulness and sophistication of cyber domains and information technology.
Mckinnon (2016) argues that the need for comprehensive cyber security measures has grown
exponentially in modern day. Ibrugger (2009) suggests that in the United States of America (USA),
cyber-space has become a potent instrument through which crime and terrorism are committed.
Bowen and Mace (2009) report that cyber related crime and terrorism have contributed to the loss
of US$46 billion worth of infrastructure, capital and other resources as well as over 5000 lives in the
USA since the year 2000. Mckinnon (2016) reports that no less than 200 child pornography rings
that had insidious cyber domains were apprehended in EU countries between 2000 and 2010.
Ibrugger (2009) suggests that another form of cyber threats has been that ransom ware, which
is a type of malware that involves an attacker locking the victim’s computer system files, typically
through encryption, and demanding a payment to decrypt and unlock them. Mckinnon (2016) posits
DOI: 10.4018/IJCRE.2020010101
Copyright © 2020, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
1
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
that malware has also been targeted at individuals, companies and government
institutions and is whereby any file or program used to harm a computer user, such as
worms, computer viruses, Trojan horses and spyware.
According to Mckinnon (2016), cyber threats in developing countries have been underreported
but have been just as severe and even more devastating. Bowen and Mace (2009) posit that cyber
criminals and terrorists view Africa in particular as a soft target as there has not been much
investment in comprehensive cyber security measures and resources on the continent. According
to Mckinnon (2016), terrorist organisations such as Boko Haram and Al Qaeda, human traffickers,
cyber fraud syndicates and military insurgents have exploited the internet to inflict harm on citizens
in such countries as Algeria, Burundi, Congo, Sudan, Ethiopia, Eritrea, Djibouti, Somalia, Kenya,
Uganda, Tanzania, Nigeria, Rwanda, and others have seen an increase in recent years. The
United Nations (UN 2016) reports that the internet has been exploited in crimes and violence that
has led to the loss of over 200 000 lives on the African continent between 2010 and 2015.
Mckinnon (2016), the cyber security measures in the USA and Europe are guided by well-
established policy and legislation, state of the art equipment, coordination with private firms and trained
personnel. However, suggests that the same cannot be said of Africa. Mckinnon (2016) posits that a
robust cyber security framework requires cyber security governance and oversight; cyber security risk
management programme; cyber resilience assessment; cyber security operational resilience; metrics,
monitoring and reporting, and compliance with statutory and regulatory requirements.
Ochab (2017) reports that only 9 out of 52 countries in Africa had by the year 2017 established
a comprehensive national cyber-security framework. Ochab (2017) also reports that this is despite
the fact that 44 of those countries have a considerable cyber dependency in critical infrastructure,
banking, law enforcement and national defense. Elu and Price (2015) assert that a lack of robust
cyber security on the African continent has led to the flourish of radical extremist terrorism in the
21st century. According to Berri (2017), the recent terror attack by al Shabaab in the port city of
Barawe in southern Somalia, a suicide bomb attack by Boko Haram in Maiduguri in Niger, and an
attack on a military post in Mali by an al Qaeda-linked terror group have brought the focus back on
terrorism in the African continent. Berri (2017) further posits that over the years, terrorism has
become the most important challenge to peace, security and development in Africa.
2
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
vii) The conflict of norms of physical space with the norms and values of cyberspace may
lead to cyberspace.
Nature of Cyber Threats
The issue of cyber-crime is one that has been discussed by many people with various
perspectives on the issue, most coming at it from different sides than the others. Cyber-
crimes have gone beyond conventional crimes and now have threatening ramifications to
the national security of all countries, even to technologically developed countries as the
United States. Most cyber threats fall into the following broad categories.
Ransomware
According to Mckinnon (2016) ransomware became lucrative business for cyber criminals in 2017
especially since the code / malicious program could easily be bought online by anyone and used to
render an organization or any target captive. Bowen and Mace (2009) assert that ransomware was the
fastest growing security threat in 2017 as evidenced in several reports. Not only were there more attacks
on more businesses demanding more money, but the level of sophistication in distributing ransomware
also expanded. Ibrugger (2009) assert that these happened despite several warnings that people should
not give in and pay the ransom to attackers so as not to encourage them to continue. There were cases
where the data that could be lost if the targeted organization / victim did not pay up was very vital to the
existence of the organization, hence the victims had to give in and negotiate
3
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
with the criminals. Mckinnon (2016) posits that unfortunately this trend is expected to continue
in the New Year given the relative ease with which the attack could be set up and the attacker
could quickly cash in. It is also expected that ransomware in 2018 would start to target other
platforms apart from computers; majority of the attacks in the past were on systems running
windows operating systems, but it is expected that there would be a shift and focus would also
be on mobile devices especially those running on the Android platform. According to Bobert
(2017) prevention of ransomware attacks is possible only if individuals and organizations
would follow some of the most basic cyber security practices.
4
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
the September 11 2001 attacks in New York in the United States of America (USA). Dowdeswell
(2017) posits also that Islamic terrorists have also form ISIS mostly found in the Middle East and
Boko mostly found in West Africa. According to the Institute of Economics and Peace (IEP 2017)
radical Islamic fundamentalism has contributed a significant amount of the global terrorism that is
experienced in modern day. According to Bobert (2017), there were 2,415 terrorist incidents in Iraq
in 2015, causing 6,960 deaths and 11,900 injuries. The death toll was actually 30% lower than in
2014, but it still means that Iraq suffered more from terrorism than any other country. Agin (2016)
asserts that in Afghanistan in 2015 there were 1,715 terrorist incidents, which caused 5,312 deaths
and 6,249 injuries. The deadliest came in September 2015, when Taliban forces stormed a prison
in Kunduz in the north of the country, resulting in 240 deaths. Denning (2016), in Pakistan, some
1,086 people still lost their lives and 1,337 were injured in the 1,008 incidents recorded in 2015 and
the deadliest group is the Islamic fundamentalist group Tehrik-i-Taliban, which was responsible for
36% of the deaths in 2018.
Indoctrination
According to Agin (2016), cyber criminals and terrorists use the internet to indoctrinate people and
potential sympathizers with propaganda. The number of terrorist sites on the internet increased
exponentially over the last decade, from less than 100 to more than 4,800 two years ago. CECPT (2015)
asserts that in the case of al-Qaeda, hundreds of sister sites have been promulgated but only a handful
are considered active. OICCIT (2017) asserts that the Internet is a powerful tool for terrorists, who use
online message boards and chat rooms to share information, coordinate attacks, spread propaganda,
raise funds, and recruit. Terrorist sites include the official sites of designated terrorist organizations, as
well as the sites of supporters, sympathizers, and fans. Agin (2016) opines that the most effective way in
which terrorists use the Internet is the spread of propaganda, as for example, Abu Musab al-Zarqawi’s al-
Qaeda cell in Iraq has proven particularly adept in its use of the web, garnering attention by posting
footage of roadside bombings, the decapitation of American hostage
5
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
Nick Berg, and kidnapped Egyptian and Algerian diplomats prior to their execution. According to
Dowdeswell (2017), In Iraq, experts say terrorist propaganda videos are viewed by a large portion of
society, not just those who sympathize with terrorists and insurgents. This research determined whether
terrorist groups utilise the internet to indoctrinate Zimbabweans and Nigerians with propaganda,
message boards and sympathetic websites with the view of gaining recruits, fans and sympathizers.
Fundraising
According to ASEAN (2017), online cyber criminals and terrorists fundraising has become so
commonplace that some organizations are able to accept donations via the popular online payment
service PayPal. Furthermore, Agin (2016) asserts that the networks of different terrorist cells retain a
certain camadarie and brothers in arms kind of relationship and therefore they usually pull resources
together to sponsor some activities that they would have been made aware of on the internet. Mckinnon
(2016) posits that such terrorist cells as the Al Qaeda in Iraq and Afghanistan as well Boko Haram in
West Africa have claimed territories that are rich in oil and they use that wealth to sponsor terrorist
activities even those that do not occur where they reside but through the internet they can insure that
funds are transferred to other areas such as Yemen, Syria, Lebanon, West Africa, the Sudan or Pakistan.
CECPT (2015) also found that fund-raising for illicit and terrorist activities is done through direct
solicitation, e-commerce and the exploitation of online payment tools. Ibrügger (2017) opines that direct
solicitation includes the use of websites, chat groups, mass mailings and targeted communications to
request donations from supporters. Websites can be used as online stores, offering books, audio and
video recordings and other items to supporters. This research determines whether or not terrorists have
utilized the internet to fund raise so as to sponsor their training and attacks in a manner that sis similar to
that described in this section.
Recruitment
Dowdeswell (2017) is of the view that cyber criminals and terrorist sites also host messages and
propaganda videos which help to raise morale and further the expansion of recruitment and
fundraising networks. According to Ibrügger (2017), Al-Qaeda’s media arm, As-Sahab, is among
the most visible. But an entire network of jihadist media outfits has sprung up in recent years. The
Internet also provides a global pool of potential recruits and donors. Agin (2016) opines that the
Internet is also used to develop support networks and relationships to solicit material and moral
support. Terrorist organizations use password-protected websites and restricted access Internet
chat groups for clandestine recruitment. ASEAN (2017) asserts that the reach of the Internet
provides terrorist organizations and sympathizers with a global pool of potential recruits. Restricted
access cyber forums offer a venue to exchange notes and refine strategies and tactics. The use of
technological barriers to access recruitment platforms has increased the complexity of tracking
terror-related activity. This study investigated whether recruitment had been one of the purposes for
which terrorist groups have utilised the internet in Zimbabwe and Nigeria.
Training
Agin (2016) asserts that cyber-criminal syndicate and terrorist websites can serve as virtual training
grounds, offering tutorials on building bombs, firing surface-to-air missiles, shooting at soldiers, and
sneaking into Iraq from abroad. Mckinnon (2016) posits that terrorist organisations also communicate
new training strategies over the internet and coordinate training manuals in internet chat rooms and
encrypted messages over social media. Bobert (2017) suggests that terrorist groups also utilize the
internet to establish new training bases particularly in places where there is porous security and conflict is
already a common phenomenon such as the Sudan, Somalia, Lebanon, Yemen and Syria.
6
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
Planning
Bobert (2017) asserts that usually the attacks that are carried out by cyber criminals and terrorist
groups hold a significance in meaning to them. ASEAN (2017) posits that the amount of casualty,
the setting and the day are important to terrorists as they believe that all this detail contributes to
the impact of their attack on the targeted community. According to Agin (2016), normally the
instructions of how an attack is to be executed usually come from high up. OICCIT (2017) suggests
that in the case of a suicide attack, the identification of the attacker that is to sacrifice themselves,
the venue, the day and the weaponry are usually coordinated by members of the terrorist cell that
the attacker themselves might not even meet in person but is communicated with over the internet.
According to ASEAN (2017), the 9/11 attackers were in constant contact with co-
conspirators that were in America and those in Afghanistan during the fortnight before the
attack. They coordinated plans of flight lessons, how and when the American flight system
was most vulnerable, who would hijack which plane and on which day. This study established
whether there are terrorist groups that have utilised the internet to plan terrorist activities in
Zimbabwe and Nigeria and to what extent these have been successful.
Coordination
According to Mckinnon (2016), cyber criminals and terrorist groups also utilize the internet to
coordinate their attacks, training and recruitment particularly in areas such as Africa, the Middle
East and some parts of Europe and Asia were the internet surveillance and cyber security system
are not quite developed. Agin (2016) posits that most of the terrorist attacks that have occurred on
European and American soil have usually involved an attacker or attackers that had previously
travelled to the Middle East from their original countries after having networked with terrorist cells
over the internet. Bobert (2017) suggests that the bombers at the Boston Marathon had travelled
form their native Chechnya to Afghanistan weeks before mounting an attack on the Boston
Marathon victims. CECPT (2015) posits that at times terrorists coordinate attacks that occur on the
same day but in different territories by utilizing their communication on the internet. This research
determined whether or not terrorists in Zimbabwe and Nigeria utilized the internet to coordinate
their activities in a manner that is similar to that described in this section.
Travelling
ASEAN (2017) posits that regardless of the high amount of risk of getting captured or to the success of
their missions terrorists usually utilize the internet to make travelling arrangements, that is, to book flights
and other forms of transport. According to Agin (2016), the cyber-criminal and terrorist groups also
usually utilize the internet to make bookings of accommodation in the areas that they
7
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
plan to carry out the attacks. Dowdeswell (2017) observed that the 9/11 hijackers rarely used cash
and made frequent online purchases and payments. Agin (2016) motes that terrorists also utilize
internet tools to surveil the areas to which they will travel either for training purposes of to launch
attacks. Denning (2016) is of the view that the terrorists study the transport and security systems of
the areas, the terrain, the most populated areas and the radar system so as to choose the best
means of travel that would render them undetectable. This study established whether or not
terrorists utilized the internet to make travelling arrangements in Zimbabwe and Nigeria.
8
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
ASEAN (2017) observes that with the National Cyber Security Strategy, the French State is
working to ensure the security of IT systems to move towards a collective response, towards the
digital trust required for the stability of the State, economic development and the protection of
citizens. Many players contribute to the efficacy of this strategy from technical and operational
standpoints. According to Agin (2016), created in 2009, the French Network and Information
Security Agency (ANSSI) is the French national authority on cyber security. The authority is a
genuine firefighter of French cyberspace, it is responsible for preventing, including from a
normative perspective and reacting to IT incidents regarding sensitive institutions. Agin (2016)
argues that it also organizes crisis management exercises on a national level. ANSSI currently has
over 500 staff members and continues to grow. Agin (2016) opines that the French Ministry of
Defense has a dual mission to ensure the protection of the networks which underpin its action and
to integrate digital warfare into military operations. In order to consolidate the Ministry’s work in this
field, a cyber defense operational chain of command (COMCYBER), placed under the orders of the
Armed Forces Chief of Staff, was created in early 2017. This study established whether the Cyber
security frameworks of Zimbabwe and Nigeria were comprehensive and characterized by technical
and institutional sophistication like that of France or other established frameworks.
Legal Framework
Dowdeswell (2017) posits that a comprehensive legal framework is necessary for a
cyber-security framework to be effective. According to Agin (2016), if governments and
groups are held responsible for the cyber misdeeds of companies and organizations
within their areas of influence, a lot of irresponsible activity can be curtailed. Denning
(2016) opines that this can in the long run engender trust. It is therefore important to lay
down precisely the responsibilities of the governments and their national organizations to
behave in cyber-space in accordance with the international and national legislations.
Denning (2016) asserts that one major problem associated with cyber-attacks is that of attribution. It
is very difficult to assign responsibility to the perpetrator of a malicious activity either technically or at a
human level. Yet it is not entirely impossible to investigate cyber-attacks forensically and assign
responsibility. Agin (2016) suggests that one way of making attribution easier is by declaring the
geographic location of known IP addresses. Exchanging such information among groups, on regular
basis, can help reduce cyber mistrust. Cybercrime is one area, where groups can collaborate without
agitating the domestic hawks. Bobert (2017) posits that a legislative agreement to jointly tackle
cybercrime can cover broad range of issues like harmonizing laws covering cybercrime like online theft.
Social issues like child pornography and human trafficking already find mention in law manuals.
According to Ibrügger (2017), drawing inspiration from the International Humanitarian Law (IHL),
9
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
Rule 80 of the Tallinn Manual recommends that: In order to avoid the release of dangerous forces
and consequent severe losses among the civilian population, particular care must be taken during
cyberattacks against works and installations containing dangerous forces, namely dams, dykes,
and nuclear electrical generating stations, as well as installations located in their vicinity.
This study used qualitative methodology, while a case study research design was utilised.
Data was collected using key informant interviews and documentary search. Purposive
sampling and snowball sampling methods were used to identify key participants. The key
informant participants were drawn from the Ministry of Information Communication and
Technology, Ministry of Justice, Legal and Parliamentary Affairs, Zimbabwe Republic Police
(ZRP) and computer experts. These participants were identified because of their expert
knowledge in cyber terrorism and are responsible for implementing laws in Zimbabwe.
dISCUSSIoN oF FINdINGS
The findings of this study are based on the field work carried out with key participants in
Harare the capital city of Zimbabwe.
Causes of Cyber-Crime in Zimbabwe
The respondents suggested that three main factors influence or cause cyber-crime in
both Zimbabwe and Nigeria and these are: socio-economic deprivation; religious
indoctrination, ease of cyber-crime and entertainment.
Socio-Economic Deprivation
Most of the respondents suggested that the most prominent cause of cyber-crime in Zimbabwe is
socio economic deprivation characterised by high unemployment, low income, rising cost of living
and limited investment opportunities. The respondents shared the consensus that in the two
countries most of the cyber-crime was perpetrated by the youth that were exposed to limited socio-
economic opportunities yet the cost of living was ever rising. It was the respondents’ common
assertion that the perpetrators of urban crime often do so to gain some form of income.
A high-ranking officer in the ZRP indicated that:
Most cyber-criminal intend to steal money or data that could be used to gain some income one way
or the other. The cyber-criminals obviously have some IT skill and knowledge that could be utilised
to earn a living in a legal way but because there are limited job opportunities they resort to crime.
A high ranking official in the Ministry of Justice Legal and Parliamentary Affairs in
Zimbabwe had this to say:
Most Cyber-crime in Zimbabwe like in many parts of the world often has a financial
motive. It is only opine form of the crimes that result from limited socio-economic
opportunities which sadly are prevalent in the Zimbabwean economy.
The study has established therefore that socio economic deprivation is a significant cause of
cyber-crime in Zimbabwe. The study determined that most of the cyber-criminals are drawn to that
crime because they are unemployed, earn very low incomes and lack access to basic goods and
services because of poverty. This is similar to the views of Ibrugger (2009 and Mckinnon (2016)
10
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
who suggested that most cyber-crimes have a financial element to it and are often
perpetrated by individuals and syndicates that feel they are not presented with adequate
socio-economic opportunities in their communities.
Most cyber criminals are encouraged by the fact that cyber-crime can be perpetrated
from the comfort of one’s home and anywhere far away from the victim of the crime.
The anonymity associated with cyber-crime is also another factor that has caused more
people with even basic IT knowledge to engage in that nature of crime as they know how
to not leave a digital footprint in their crimes.
The study established from the responses therefore that the ease of cyber-crime had caused
an increase in the crimes. The study determined that the ability of cyber-criminals to orchestrate
crime remotely from far away locations without requiring to travel, organise or mobilise many
resources made the cyber-criminals feel that such crime was easy. Furthermore, the study
determined that the difficulty in detecting the source of these crimes encouraged more cyber-
criminals to commit the crimes. This finding is similar to the views of Mckinnon (2016), who
suggested that increased sophistication of technology works more to the advantage of cyber-
criminals than cyber-security officers as the cyber-criminals often have more technological skills
and knowledge than law enforcement making it easy for them to commit crime.
Entertainment
Most of the respondents also suggested that cyber-criminals also commit crime so as to entertain
themselves. The respondents suggested that many hackers are in the trade for the fun of it and to
outdo each other without any real financial or material gain but pride and enjoyment.
A high-ranking officer in the ZRP mentioned that:
Many cyber-criminals in Zimbabwe also commit crime because they gain pleasure from
sabotaging others such as through leaking private Emails, Whatsapp chats and so on.
The study established therefore that one of the significant causes of cyber-crime is
just entertainment and the enjoyment that cyber-criminals get from their crimes. This is a
finding unlike any that was discovered in the review of related literature.
Forms of Cyber Security and Terrorism Threats in Zimbabwe
Respondents suggested that the common and prominent cyber security and terrorism
threats that confronted Zimbabwe were cyber fraud and identity theft.
11
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
Cyber Fraud
All the Zimbabwean respondents suggested that cyber fraud particularly concerning the transfer of funds
from one bank or financial account to the other was one of the most typical cyber threat that occurred in
Zimbabwe. The respondents suggested that many Zimbabweans are lured into the deception due to
desperation brought on by the difficult economic conditions. The respondents suggested that in most
cases citizens are lured with job or academic scholarship prospects in foreign countries. Respondents
also suggested that at times Zimbabweans are lured with promises of rewarding investments particularly
in crypto currency and they are asked to make a deposit. Respondents suggested that after having made
the payment, the victims never hear from the fraudsters again.
A senior police officer with the ZRP said:
Often Zimbabweans that will have been coned on line discover that whenever they try to make
follow-ups of the occurrences, the entities, individuals or companies would have never existed to
begin with. When law enforcement and intelligence agencies intervene and call other countries to
investigate such issues, it is often discovered that the companies would have been using ghost or
fake social media accounts and websites create sorely for the purposes of committing fraud.
The responses are supported by secondary data as the Ministry of Information, Communication,
Technology and Courier Services published on its website the vast forms of cyber fraud and
vulnerabilities that Zimbabweans were exposed to. Many of them were alluded to by the key informants.
Identify Theft
Most of the Zimbabwean and Nigerian respondents suggested that one of the prominent forms of cyber
threats in Zimbabwe is that of identity theft. The respondents suggested that at times the cyber-crime
syndicates are not after money but the identity details of an existing person so as to exploit these in other
crimes. The respondents suggested that usually these syndicates establish a fake website that purports
to give online work such as entering codes of online ads with the promise of providing some reward. The
respondents noted however, that these websites often require that the individual provide all their
information including full names, country of origin, bank details, phone numbers, Emails, social media
accounts and so on. The respondents suggested that the websites often require too that the individual
sign up several of their friends to the website only to find out after completing all the tasks that there is no
reward at all but identity theft will have occurred.
A computer expert in Zimbabwe said:
Identity theft is a lucrative business in certain parts of the world. Most of the time the
stolen identity is exploited without any repercussions to the individual from whom the
identity is stolen but sometimes when the individual has some money in the bank account
of accounts this may be used by the identity thieves.
12
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
The study established from the responses and secondary data that one of the aspects making
the cyber security framework in Zimbabwe ineffective is the lack of established legislation and other
regulatory framework that would be the basis of good practices and compliance to ethical use of
cyber domains. The need for comprehensive policy and legislation was stressed by Dowdeswell
(2017) who posits that a comprehensive legal framework is necessary for a cyber-security
framework to be effective. The lack of legislation is also in contrast to Agin (2016) views as he
stresses that, if governments and groups are held responsible for the cyber misdeeds of companies
and organizations within their areas of influence, a lot of irresponsible activity can be curtailed.
There is no Government Department that pools together all cyber security resources and
institutions in a single national cyber security strategy. A national cyber security bill was
only tabled before the Zimbabwe parliament in January of this year and is still a bill to be
deliberated upon and eventually passed into law.
13
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
The study has established from responses and secondary data that in Zimbabwe there is no
reconciliation of cyber security institutions and resources into a single cyber security framework but
there are fragments of private cyber security service providers whose effectiveness is dependent
on their various levels of technical expertise and resource adequacy. The lack of coordination and
cooperation is in contrast to the views of ASEAN (2017) who suggest that there has to be a high
level of coordination in the technical, legal and political expertise in crafting an effective cyber
security framework. Cyber security covers the entirety of security measures that could be taken to
defend against these attacks. The findings also contradict Mckinnon (2016)’s view that the
spectacular increase in the sophistication and intensity of cyber-attacks has, in recent years, led
most developed countries to toughen their resilience and adopt national cyber security strategies.
What is particularly concerning is that in the absence of comprehensive cyber security laws
and strategies it is difficult for the police to detect, apprehend and charge offenders. Most
cyber-crimes therefore usually go on unabated and no justice is brought for the victims.
The study established from responses and secondary data that there is unmitigated rise
in cyber-crime as there is a vacuum in the place of a comprehensive national cyber security
framework. The study has also established that because there is no robust legislation,
government coordination or specific department set aside specifically for cyber security in
Zimbabwe, Zimbabweans remain vulnerable to cyber-crime and terrorism. When the cyber
security framework is ineffective there tends to be an increase in cyber-crime as is posited by
Ibrügger (2017) posits that criminal terrorists and cyber criminals have increasingly exploited
the internet for trafficking. Mckinnon (2016) suggests that cyber-crime and terrorism has also
occurred as part of human and drug trafficking and pornography circulation.
CoNCLUSIoN
The study concluded that cyber fraud and theft are the most common and significant cyber security
vulnerabilities and threats that confront Zimbabwean citizens, companies and communities. These
findings are similar to the view of Mckinnon (2016) and Ibrugger (2009). The study also concluded
that identity theft is one of the significant cyber security threats that Zimbabweans are confronted
with. The study concluded too that cyber criminals pretend to be who they are not with fake social
media accounts and lure Zimbabwean internet users into providing their personal and private
information by making promises of job or education opportunities. These findings also support the
views of Mckinnon (2016) and Ibrugger (2009). Another conclusion of the research was that while
malware and computer viruses often find themselves to many computers in Zimbabwe, most of this
14
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
15
International Journal of Cyber Research and Education
Volume 2 • Issue 1 • January-June 2020
REFERENCES
Bowen, T., & Mace, S. (2009). Why U.S. troops may fight alongside Al-Qaeda in Yemen. The
American Conservative.
Dowdeswell, C. (2017). Split in ISIS-Aligned Boko Haram Group. Al Jazeera Centre for Studies.
Edu, K and Price, L. (2015). Cybercrime: Issues & Probable Policies for Nigeria [DBI Presentation].
Ibrugger, B. (2009). Cybercrime in Africa. Business Intelligence Journal. Retrieved from http://www.
saycocorporativo.com
Latham, V. A. (2004). The dance of qualitative research design. In K. Denzin., & A. Lincoln (Eds.).
Handbook of Qualitative Research (2nd ed., pp. 379-399). Thousand Oaks, CA: Sage.
Mazzini, S. (2018): Cyber Crime and National Security: The Role of the Penal and Procedural Law,
Research Fellow, Nigerian Institute of Advanced Legal Studies. Retrieved from http://nials-
nigeria.org Accessed 20 November 2018
Mckinnon, A. (2016). Cyber Crimes and Solutions. Retrieved from http://ezinearticles.com
Nicholas, U. (2014). ISIS in Africa: Implications from Syria and Iraq. Zurich: Centre for Security Studies.
Ochab, P. (2017). Good talk, not enough action: The AU’s counter-terrorism architecture, and why it matters.
Institute for Security Studies. Policy Brief, 66.
Okuku, A., Renaud, K., & Valeriano, B. (2015). Cyber Security Strategy’s Role in Raising Kenyan
Awareness of Mobile Security Threats. Information and Security: An International Journal, 32(1), 1–20.
The International Organization for Migration (IOM). (2016). ISIS Growing Presence in Libya
Threatens Europe and the U.S. American Center for Democracy.
The United Nations Office on Drugs and Crime. (2016). Terrorist group Isis makes inroads into southern Africa.
African Review, 6(2), 14–23.
Jeffrey Kurebwa is a Lecturer in the Department of Peace and Governance at Bindura University of
Science Education in Zimbabwe. He has previous publications in cyber threats, cyber warfare and cyber
terrorism. He holds a PHD in Public Administration.
Eunice Maumise is a holder of a Master of Science Degree in International Relations awarded at Bindura
University of Science Education
16