Zimbabwe is facing a critical challenge in its digital economy due to a significant rise in cybersecurity threats, as highlighted by recent findings from the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ). During a sensitization workshop on the Data Protection Act held in Gweru, officials disclosed startling statistics, emphasizing the urgency of robust cybersecurity measures.
Tsitsi Mariwo, POTRAZ’s Director for Data Protection, delivered a compelling speech on behalf of Director General Gift Machengete, underscoring the precariousness of our digital world. “We are living in an exciting, yet hazardous digital world,” Mariwo stated, stressing the importance of personal data control to avoid risks such as identity theft, cyberbullying, and fraud. This workshop aimed to empower individuals with the knowledge and tools necessary to protect their personal information and manage data responsibly.
The urgency of these measures is underscored by the revelation that approximately 50 million passwords were compromised across Africa between July 2022 and February 2023. This staggering number signifies a widespread vulnerability that could have disastrous consequences if not adequately addressed.
The workshop highlighted a particularly troubling incident from 2021, where Martin Magomana, a University of Zimbabwe student, exploited security weaknesses in the school’s computer network. By unlawfully accessing the system, Magomana managed to allocate accommodation to students and illicitly earned $3,000. This case exemplifies the potential financial and institutional risks posed by inadequate cybersecurity.
In an interview conducted at the workshop, POTRAZ Deputy Director for CIRT and Enforcement, Evidence Mazhindu, expressed a stark warning: “No company is safe from hacking attacks,” emphasizing that critical infrastructure in Zimbabwe is particularly vulnerable. Mazhindu criticized the educational focus on theory over practical application, advocating for increased investment in research and development to fortify security measures.
Despite having nearly 10 million internet and data subscribers, a vast majority of Zimbabweans are unaware of their rights under the Cyber Security Act, with 85.3% unable to cite any specific rights and 77% unaware of the redress mechanisms available in the event of a data breach. This lack of awareness highlights the need for continued education and outreach to ensure that individuals and companies can protect themselves effectively.
The Cyber and Data Protection Act, enacted in 2021, designated POTRAZ as the Data Protection Authority, tasked with overseeing all data protection issues within the country. Since the Act’s promulgation, POTRAZ has embarked on a mission to engage stakeholders through various sensitization programs. The Gweru workshop is part of this ongoing effort and marks the first event of its kind in the Midlands Province.
POTRAZ has already conducted similar workshops in other major provinces including Harare, Masvingo, Mutare, and Bulawayo. Each workshop serves as a crucial platform for discussing and advancing the data protection dialogue, with the Gweru event being the fifth provincial workshop to contribute to this vital national conversation.