Now Reading:

Stakeholders Harp on Robust Cybersecurity Architecture for Financial Services in Nigeria

Security & Support	3963 VIEWS
Security & Support
3963 VIEWS

PROSHARE
PROSHARE

Saturday, September 12, 2020 / 04:06 AM / Nifemi Taiyese for Proshare WebTV / Header Image Credit: FITC

Financial Institutions Training Centre (FITC) Nigeria in collaboration with Nigeria Interbank Settlement System Plc (NIBSS) organized the Think Nnovation 2020 cyber security conference virtually which had as its theme: "Combatting CyberCrime - Strategies for Strengthening Emerging Markets."

Chizor Malize, CIMLon, MIoD, Managing Director / Chief Executive Officer FITC in her welcome address said the COVID-19 pandemic has exacerbated the level of cyber attacks in 2020 as organized crime groups have shown themselves to be ruthless and entrepreneurial, repurposing, phishing, attacking infrastructures and building fake websites with recorded increase in scams.

"In this age of digital transformation, there is hardly any process in businesses and personal lives that are not supported by IT. Information technologies dominate our everyday lives bringing cyber incidents on the rise. This has made cyberthreats and attacks increasingly frequent, sophisticated and destructive globally." she said.

She highlighted that the financial services sector serves as a perfect bed for hackers, as it contains information that spans everything a cyber criminal wants from bank accounts, financial details and identity data.

Malize in her address commented that she is proud of the collaborative approach in delivering the mandate of supporting the goals of strengthening the system and driving industry stability in the financial services sector.

Mr. Phang Hong Lim Senior Director, Supervisory Guidance Toronto Centre presenting the keynote address brought to the fore the importance of Sub Saharan Africa in achieving cyber resilience, due to the unique nature of cyber risks.

Speaking on the usual starting point for cyber regulators, he stated that it is important to have the required documents necessary to identify the critical assets that needs to be protected, while having clear responsibilities.

He noted that the systems used today in the IT space are not secure by design and can easily be exploited.

His presentation covered areas on how to help achieve resilience in the financial services sector.

"There's a need to develop regulatory and supervisory approaches, which will enable banks to attain effective control of cyber risks through developing effective cyber risk management which will help to provide stronger resilience for protecting customer information.", he said.

He stressed the fact that actionable intelligence will help to improve cyber security of financial institutions. According to him, security is only as strong as its weakest link. Banks should always consider their weakest link in the process chain of their cybersecurity defense. The need to adopt cyber threat intelligence for the sharing of information on cyber attacks regionally, globally, among industry experts and also at regulatory levels".

The expert called for the cooperation and coordination of the financial services institution, adding that the financial services sector needs the capability and talents to build cyber defense by changing the way of thinking to embrace innovation.

He brought to the fore the need to find better ways to respond quicker to cyber-attacks through technical solutions which according to him can be achieved through technological/innovation development.

Mr Lim also advocated the need to ramp up education and skills development in the tech space along with technological trends, and the need for the financial services sector to enhance cyber resilience.

The virtual conference featured several plenary sessions.

The first plenary session had its topic as 'Cybersecurity and Financial Services: Imperatives, Risks and Control'. The panelists were Favour Femi Oyewole Chief Information Security Officer, Access Bank, Christopher Wilson Monetary and Capital Market Department, IMF, Griffith Ehebha CRO, Interswitch Group, Ezekiel Oyeniyi Ajao Deputy Managing Director NIBSS and Adedoyin Odunfa CEO Digital Jewels moderating the session.

The DMD, NIBSS, Mr. Ezekiel Oyeniyi Ajao in setting the tone for the conversation identified cybersecurity to be information technology security, processes and practices that are designed to protect data, networks and devices from unauthorized access and attack.

Mr. Ajao said Nigeria's fraud analysis showed a moderate shift towards web and mobile channels, however it should be noted that the total number of attempts in H1, 2019 and H1, 2020 showed a 104% growth year on year.

He identified some of the common cyber-attack threats to watch out for as, ransomware, data breach/leakage, insecure application user face, cloud abuse, malware attack, loss of data, hacking, APT, single factor passwords and so on.

According to him "as businesses go digital, fraud will not only follow suit, but will also become more complex and lethal".

Speaking further he asserted that it is important for organizations to be aware of the following ways to protect their businesses from cyber-attacks.

Backing up of data
Keeping smartphones and tablets safe
Preventing malware damage
Avoiding phishing attacks
Using passwords to protect data

"CBN has mandated all DMBs, MMOs and switches to establish fraud desks for ongoing monitoring of fraud and cybercrime activity" he said.

Conclusively, he said customer education remains the most important means of mitigating social engineering attacks and institutions are encouraged to focus on this.

The Chief Information Officer Security Officer for Access Bank Mr. Femi Oyewole in his remarks said with the emergence of work from home, the battle to enforce data protection is now critical to prevent data leakages as insider threats has also contributed to cybercrimes through staff working with external syndicates to defraud organizations.

She advised that technology control will ensure that some of these threats are curbed, by taking proactive measures to ensure that every worker connected to enterprise network is accounted for to keep organization away from threats.

Mr. Griffith Ehebha, Chief Risk Officer, Interswitch Group highlighted the fact that threat actors have adopted a single method that has resonated across Africa, through the use of ransomware with updated signatures.

The CRO Interswitch emphasized the fact that there is need to protect data better and also manage incidence response against cyber threats.

"We need to put more resilience around our technology practices and practice incidence response more often" She said.

Mr Christopher Wilson of the Monetary and Capital Market Department, International Monetary Fund (IMF) giving his intervention mentioned that financial institutions implementing industry standards should ensure supervisors encourage an enterprise approach to risk management, and also adopt crisis management exercises.

He opined that the senior management has a role to play in implementing cybersecurity strategy and cascading it around the organization.

The second plenary session focused on 'Cybersecurity and Digital Transformation: Challenges for Emerging Markets'. The panelists were Tope Aladenusi Partner/Head, Cyber Risk Services Deloitte, West Africa, Ademola Adebise MD/CEO Wema Bank, Azeez Oluwafemi Head, Product and Innovation Flutterwave, Isaiah Adeleke representing Musa I. Jimoh Director Payment Systems CBN moderated by Nkemdilim U. Begho CEO Future Software Resources.

Mr. Tope Aladenusi Partner/Head, Cyber Risk Services Deloitte, West Africa provided the scope of pre plenary discourse covered digital transformation - Emerging Technology Trend 2020, cyber trends in emerging markets, cyber security challenges in emerging markets and combating cyber security challenges in emerging markets.

He said Banks in Nigeria are currently undergoing transformation through Artificial Intelligence, cloud, internet of things, robotics and so on that are the emerging trends of 2020.

Aladenusi added that "according to the Global Software Survey, approximately 57% of software used in Africa and the Middle East are unlicensed which means that upgrades and security patches will not be installed".

He stressed the fact that the challenges of cybercrime comes with embracing the technological advancements. He identified the challenges as shortage of cyber security skillsets, insufficient attention to cyber risks that come with digitalization and lack of collaboration and coordinated threat reports within similar industries.

To combat the challenge of cyber security, Mr Aladenusi said financial organizations need to develop and implement effective cybersecurity risk management system that will help in identifying risk areas and assist in reducing the impact of cyber incidence, and the enhanced ability to detect emerging threats and attackers moves while implementing 24/7 monitoring.

Mr Ademola Adebise, the MD/CEO Wema Bank, on his part said it is important to have external accessors to test systems of enterprises in order to minimize risk and deal with issues holistically.

Mr Azeez Oluwafemi, Head, Product and Innovation Flutterwave, in his contribution advised that when building a new product, security should not be an afterthought.

For him "When building a product that involves a payment system, it is important to go the extra mile to protect the system and the end users, because security is key".

He said information is key, thus an open sharing community should be created to alert players to understand the current trends, the last threats and how it was mitigated, in order not to be playing catch up with cyber criminals and to ensure that an attack does not repeat itself in the industry.

The third plenary session addressed the issue of 'Cybersecurity and IT infrastructure Protection', while the fourth and final plenary session covered 'Building Cybersecurity for Financial Services Growth'.