A Kenyan national has been charged with hacking the Zimbabwe Manpower Development Fund (Zimdef) and stealing $120 million from its bank account. Primrose Nyeri Mwangi (40), who also serves as the director of Primkett Travels, was accused of fraud and is facing a long time behind bars in Zimbabwe.
Reports claim that in December last year, Mwangi collaborated with two Zimbabwean men, Gerald Pondai and Prosper Hove, to hack into the Zimdef database and access its financial accounts.
The group allegedly transferred $120 million from Zimdef into Maffkett Trading's Steward Bank account through the Zeepay ZimSwitch technology. They also made additional transfers into the accounts of Atrier Engineering, Newplaces (Pvt) Limited, NBS Bank, and Tavaka Holdings.
On December 28, ZIMDEF received an email informing them of the transactions, which led to the discovery of the fraud. After investigations, Mwangi was arrested; however, the two other collaborators are still at large.
Cybercrime in Zimbabwe
In recent months, Zimbabwe has seen an increase in the number of cyber frauds. Hackers are targeting business networks more frequently and severely, and companies are losing millions of dollars every year. Cybercriminals are aware of the market's vulnerability, and there is a call to tighten security measures.
Over the past few years, a select few local firms have made important strides toward fulfilling their obligations related to cyber security. However, the majority of Zimbabwean businesses have not yet reached a mature state in terms of cyber security. The majority of businesses blame the current challenging economic climate for the failure to put effective cyber security measures in place in Zimbabwe.
The Zimbabwean business environment is changing, and cybercriminals are also adapting their tactics to attack banks, insurers, online merchants, and the healthcare industry. Zimbabwean companies need to up their game in terms of their cyber security.
Impact of Cybercrime on Businesses
A security breach's effects can be broadly categorized into three types: financial, reputational, and legal. African companies are sustaining severe losses from successful cyber incidents, and many have had their revenue and brand reputation seriously impacted.
The theft of corporate information, the theft of financial information such as bank account information or credit card numbers, the theft of money, fines, the disruption of trade such as the inability to conduct online transactions, or the loss of clients or contracts are the financial costs of cyber incidents. Businesses that have had cyber-breaches typically have to pay to repair harmed systems, networks, and devices.
Damage to a company's reputation will cause its relationships with its major stakeholders to deteriorate. The business-customer relationship depends on trust, and a lack of it can cause relationships to suffer. Due to the decreased demand for the company's products and decreased profits, this may have an adverse effect on sales. Damage to a company's reputation may also have an effect on its suppliers or on its relationships with partners, investors, and other interested parties.
Organizations in sensitive industries are frequently obligated to actively maintain the security of the data they hold, especially when it comes to personal data and information. If a company fails to implement the necessary security measures and this data is compromised, either accidentally or on purpose, it may be subject to penalties and regulatory sanctions, which will cause it to suffer significant financial damage.
Despite the challenging local operating climate, there is plenty that can be done to enhance any company's cyber security. Companies are urged to be mindful of cyber threats and take steps to reduce them by assessing their security capabilities and putting in place cybersecurity policies and controls. This could be accomplished by conducting routine network vulnerability assessments to scan, look into, analyze, and report on any security flaws found on internal networks and externally facing devices. Employees may also complete security training upon hiring as well as a security refresher course that emphasizes IT security and access communications. The success of Zimbabwean enterprises will be boosted by these and other initiatives.