Cyber-Crime and Cyber-Security - Emerging threats in the cyberspace

INTRODUCTION
Cyber-crime and cyber-security are contemporary broad areas that handle issues to deal with computers and networks. Many people suggest that “cyber-crime and cyber-security are two sides of the same coin” and this paper intends to dissect and give informed comments concerning this statement. Cybercrime is a 21st criminal behaviour, an anti-social behaviour that manifests itself in the cyberspace where as the cyber security is a concerted effort to combat the cybercrime. The concepts are divergent in the sense that when cybercrime is on the increase it entails failure on the part of cybersecurity. On the other hand, cybersecurity effectiveness can be seen through decrease in cybercrime.

DEFINITION OF KEY TERMS
Cyber relating to or characteristic of the culture of computers, information technology, and virtual reality.

Cyber-crime is a crime where a computer is the object of the crime or is used as a tool to commit an offense (Humphrey, 2012).

Cyber-security is the protection of internet-connected systems such as hardware, software and data from cyber threats (Lee, 2017).

Cybercrime is vastly growing in the world of technology today. Criminals of the World Wide Web exploit internet users’ personal information for their own gain. Criminals use dark web to buy and sell illegal products and services. Cybercrimes are costing companies and individuals billions of dollars annually. The evolution of technology and increasing accessibility of smart tech opened multiple access points within users’ homes for hackers to exploit. While law enforcement attempts to tackle the growing issue, criminal numbers continue to grow, taking advantage of the anonymity of the internet.

 Major types of cybercrimes perpetrated in Zimbabwe

Cybercriminals use a variety of techniques to defraud individuals and businesses, including card cloning, identity theft, cyberwar fare, WhatsApp hacks, social media prepayment scams, corporate account hacks, phishing scams, and hot airtime charge scams. Sitemere (2022) also correctly mentioned that the international remittance sector faces several significant risks, including money laundering, fraud, terrorist financing and sexual exploitation. Cyberbullying is also a cybercrime that harasses people through electronic means. Zimbabwe’s celebrities, business owners and executives have long been victims of cyberbullying, cyber-harassment and revenge porn. Most cyberbullying takes place on media sites such as Facebook, Instagram, Twitter, and WhatsApp. Cyberbullying occurs through devices such as mobile phones, computers, and tablets. This includes posting, transmitting or sharing harmful, false or hateful content about others to extent of damaging an entity’s reputation, poising a financial risk.

Social media also remains a favoured target of scammers, as criminals seek to leverage the trust people have in their own social circles. Social media is quickly becoming a daily part of life in Zimbabwe; following a global trend. In social media generated cyber-crimes, criminals take advantage of the sharing facilities and present fake products, video links and “like” buttons which they use to spread their scams. Users are also lured into clicking fake website buttons that install malware with some posting updates on a user’s newsfeed, spreading the attack. This may end up in identity theft or denial of service.

 Cyber-security concept overview

The cybersecurity field include application security, information or data security, network security, disaster recovery/business continuity planning, operational security, cloud security, critical infrastructure security, physical security and end-user education (Lee, 2017). Maintaining cybersecurity in a constantly evolving threat landscape is a serious challenge. Traditional reactive approaches, in which resources were put toward protecting systems against the biggest known threats, while lesser known threats were undefended, is no longer a sufficient tactic. To keep up with changing security risks, a more proactive and adaptive approach is necessary.

Cyber resilience and end-to-end protection in the financial services ecosystem cannot be overemphasized. Cybersecurity is now more than a powerhouse to understand many of the tricks and techniques behind the most popular scams. Zimbabwe’s increased use of mobile money, online banking and shopping during the COVID-19 lockdown has increased the need for cybersecurity. Cybercrime and computer crime are on the rise in the country due to cyber incidents related to money fraud, card duplication and identity fraud.

Furthermore, according to the 2020 National Risk Assessment (NRA) report, cyber risks, primarily through digital financial channels, have resulted in an estimated US$900 million in illegal proceeds from criminal activity in Zimbabwe annually. To combat cyber-attacks and ensure better data protection, the Government of Zimbabwe implemented a Cyber Security and Security Policy in 2021 aimed at providing minimum requirements that institutions shall build

upon in the development and implementation of strategies, policies, procedures and related

activities aimed at mitigating cyber risk in developing digital economy. The government also passed the Data Protection Act (Chapter 11:22) Number 5/2021 (Fintech, 2022). Cybersecurity is known as a set of guidelines and conduct to prevent crime (Lee, 2017). There are various forms of cyber security breaches that leads to the perpetration of cyber-crime.

Cybercrimes and cyber security both have victims. These victims differ based on what crime was committed. With cyber-crimes, it is generally individual or group of individuals. With cyber security, the most concerned parties are government or corporate. Individuals can suffer substantial financial loss from cyber-crime. The greatest impact being theft including theft of intellectual property. Average people are on their own when it comes to securing computers and devices (Yar, 2012).  These personal attacks cause chaos and computer distress. It is proven that large corporations can recover from an attack much easier than that of an individual.

For instance individuals who had their debit cards cloned by Chinyemba suffered a loss they failed to recover. Chinyemba and his company “cloned” POSB debit cards and managed to steal Z$3 million. These thieves stole card data including the name, along with the credit card number and expiration date through skimming and shimming. Skimming frequently happens at ATMs and it also can occur when a person hand a card over for payment especially out of sight. In that brief moment, the cashier skims card data with a handheld device.

On the other hand, cybersecurity is vital to a corporation because it comprises everything relevant to the protection of their sensitive data. Cybersecurity is primarily interested in preventing damage and theft that is attempted by cyber criminals. Government and corporation leaders must educate themselves and staff on scams like phishing and ransomware attacks since it causes irreversible reputational damage. Therefore cyber security practitioners concentrate on building capacity to defend against cyber-attacks and providing cyber security tools, incident response services, and assessment capabilities to safeguard and enhance the confidentiality, integrity and availability of data. This entails that organisations should have valuable, rare, inimitable and non-substitutable capabilities so as copy up with rapid development in new technologies such as the Internet of Things and Artificial Intelligence that could produce new security threats.

It is therefore recommended that;

A culture of cybersecurity among stakeholders, especially governments, businesses, cooperatives, academia, civil society organizations and international organizations operating within the country developed. and developing information systems to manage and use them. Governments also need to mobilize resources to develop cybersecurity skills.
Government should raise public awareness and provide education and training. Law enforcement agencies need training to carry out their cybersecurity missions while upholding the rule of law and meeting human rights requirements.
To enable international cooperation, Zimbabwe’s laws must be compatible with those of other countries. Over-criminalizing social media content should be avoided to curb the stigma associated with the new laws.
Governments must ensure that critical information infrastructure is protected in order to protect data and sensitive information in terms of the promulgated data protection laws (this is crucial given the contemporary biometric systems that collects sensitive personal data such as fingerprints).
Stakeholders and citizens of all countries must work together to change the mindset and public perception of cybersecurity issues.
Cyber security practitioners should ensure that they are robust and agile to remain ahead of criminal sophistry
Cyber criminals should be given tough sentences when convicted
Cyber-crime investigators and court official should be kept updated on cyber space issues