An assessment of cyber attacks preparedness strategy for public and private sectors in Zambia.

Thumbnail Image
Mwila, Kingstone Ali
Journal Title
Journal ISSN
Volume Title
The University of Zambia
Cyber-attacks are the use of network and computer-based attacks to critical infrastructures and services that compromises the confidentiality, integrity, and availability to further the persona, political, economic, and military goals of the attackers. The nature and forms of cyber-attacks includes infrastructure sabotage, financial fraud, denial-of-service, data modification or deletion, theft of trade secrets and propaganda. Cyber-attacks can cause harm directly or indirectly to connected systems using botnet command control operators, organised criminal groups, hackers, insiders, and state-sponsored hackers using distributed denial-of-service attacks, Malware attacks, viruses and many more. This paper reports the results from the private and public sectors in Zambia that comprises the Health; Consumer Products; and Services; Manufacturing, Mining, Construction and Engineering; public sectors; Energy (Power, utility); ICT and Telecoms; and Banking and Finance. The study aimed at identifying whether Zambia utilises cyber-attacks preparedness strategy resources in an optimal manner to protect various assets. The study shows that Zambian private and public sectors have low level compliance and have experienced cyber-attacks which indicated only 10% could recover from the attacks within a day and the rest it will require days, weeks and months to recover. That calls for considered efforts in developing measures for mitigation of these challenges in order to ensure national cyber-attacks preparedness defence strategy. The study showed that the majority of organizations have understaffed cybersecurity personnel. The study shows less than 50% of the staff have cybersecurity training and 48.2% have the right skills. The study shows IT personnel manage cybersecurity instead of cybersecurity experts as a resulting weakness the security postures. The study indicated 70% availability of formal policies, documents, rules, and controls aimed at strengthening the security against cyber-attack is likely to yield more results if only the issues covered in the policies are implemented fully. The study shows 63% of the Organisations adopted cybersecurity frameworks or standards but the implementation is not in affect. However, this is likely to be weakened by the lack of reporting procedures of any suspicious or real cybersecurity breach, and the lack of a cyber-security emergency response team, as revealed by results of this study. This, therefore, calls for the need to develop a framework, based on the findings of this study that would specifically be tailored with other best frameworks and best practices towards addressing the problems of cybersecurity in Zambia. Keywords: Cybersecurity, Cyberwarfare, framework, Critical infrastructure and services, cyber-attacks, model, hacker
Cybersecurity readiness. , Computer crimes--Prevention.