The Financial Institutions Training Centre (FITC) has advised banks to adopt the Central bank of Nigeria’s cybersecurity framework against cybercrime.
The advice was given by FITC’s Managing Director/CEO, Chizor Malize, during the third edition of ThinkNnovation Cybersecurity Conference held in Lagos with the theme “Accelerating the adoption Cybersecurity: Reimagine, Simplify, Grow”.
Malize attributed the high spate of digital risks in Nigeria to the digitization of banking services.
The CBN recently revised the Risk-Based Framework and Policy Guidelines and mandated banks and other financial institutions to comply with its provisions latest by January 1, 2023.
The dangers of digital risks: According to Malize, digital risk is one of the biggest risks the world has faced since the COVID-19 pandemic. And that’s because digitisation enables cybercrime.
- “Digital risk is one of the topmost risks in the world today, post-pandemic, and is being fueled by the rise in the digitization of banking services. Over the past few years, there has been an increase in cyber threats due to the post-pandemic global acceleration of digitization across the financial services sector. This unprecedented increase in cyber threats has resulted in significant financial losses to both corporate entities and individuals globally.
- “Digitalization offers a large playing field for the growth of cybercrime. The risks continue to grow high, the threats continue to grow, the attacks become ceaseless, and every single one of us is prone, and while organizations drive the goals to digitize and automate operations, cyber risks proliferate. Every aspect of the digital enterprise has important cybersecurity implications.”
Banks and fintechs are targets: A report by the Center for Strategic and International Studies has shown that financial institutions are the main targets of cyber attacks. Part of the report said:
- “Banks are where the money is and for cybercriminals, attacking banks offers multiple avenues for profit through extortion, theft, and fraud, while nation-states and hacktivists also target the financial sector for political and ideological leverage.
- “Regulators are taking notice, and implementing new controls for cyber risk to address the growing threat to the banks they supervise. The Strategic Technologies Program studies the evolution of cyber threats to the financial system and legal and regulatory efforts to strengthen its defences.”
How to minimise risks: FITC’s Board Chair and CBN’s Deputy Governor in charge of Financial System Stability, Aishah Ahmad, used to occasion to
task organizations to start administering cybersecurity policy at the board level, conducting desktop exercises, and sharing threat intelligence. She said:
- “Financial institutions should be mindful of smaller unlicensed third-party service providers. They should also look at the employees and users of financial institutions to create awareness.”
Why banks must act: The Founder/CEO of Canada-based Resolut Consulting, Daniel Monehin, who gave the keynote speech at the event, said:
- “When you are attacked, data that you don’t even need or have ever accessed – these hackers gain access to it and if they have useful information that can be compromised, that’s it!”
He added that people easily recognise the threats of physical risks but often underestimate the threats of digital risks. And that is why people are eager to take actions that will ensure physical security (including building walls, gates, CCTV, access codes, etc.,) but are reluctant to do the same to ensure cybersecurity.
Crypto is the currency of choice for cybercriminals: Monehin, who said that cyberattacks have become much more aggressive and more widespread, stated that crypto is the currency of choice for hackers. In 2020 alone more than $400 million worth of crypto was paid to hackers. Today, hacking is now a service where cyber mercenaries now offer ransomware attacks as a service to other criminals.
Financial institutions must cooperate: Speaking further on how companies and organizations can build cyber resilience, Monehin stated that there are three things that organizations should focus on to build cyber resilience. These are cooperation, creation, and cultivation. He said companies should cooperate instead of competing, citing the examples of Europay, MasterCard, and Visa cooperating to create the EMV chip. He said NIBSS as an organization can drive this initiative of bringing everybody together in Nigeria.
The Chief Risk and Compliance Officer of Nigeria Interbank Settlement System (NISS), Temidayo Adekanye, also stressed that organizations must be constantly collaborative and innovative if we are to fight against the menace of cyber-attacks. He said:
- “We must make sure that we are consistently ahead of them. We must constantly change and challenge all assumptions, and test our infrastructure, our people and our processes. Also, we must contend with supply chain attacks and AI-based spear phishing.”
Recently we have seen an increase in cybercrime as a service. There are actors out there offering their service for a price within Nigeria, becoming a standard business model with attacks and tactics evolving dramatically. Let us not forget the human elements; the human factor is still the number one entry point in more than 80% of its occurrences.”