FITC to banks: Adopt CBN’s cybersecurity framework to tackle rising cybercrime
•Links cybercrime uptick to digitisation of banking services
The Financial Institutions Training Centre (FITC) has reiterated the rising spate of digital risks fueled by digitization of banking services. FITC Managing Director/CEO, Chizor Malize, disclosed this during the third edition of ThinkNnovation Cybersecurity Conference held in Lagos, themed: “Accelerating the adoption Cybersecurity: Reimagine, Simplify, Grow.”
She explainedemphasized that digital risk is one of the topmost risks in the world today, post-pandemic and is being fueled by rise in digitization of banking services.
Over the past few years, there has been an increase in cyberthreats due to the post pandemic global acceleration of digitization across the financial services sector. This unprecedented increase in cyberthreats has resulted in significant financial losses to both corporate entities and individuals globally.
To stem this negative trend, the Central Bank of Nigeria (CBN), revised the Risk-Based Framework and Policy Guidelines issued to Banks and Other Financial Institutions, and mandated Banks and Other Financial Institutions to comply with its provisions by January 1, 2023.
“Digitalization offers a large playing field for the growth of cybercrime. The risks continue to grow high, the threats continue to grow, the attacks become ceaseless, and every single one of us is prone, and while organizations drive the goals to digitize and automate operations, cyber risks proliferate. Every aspect of the digital enterprise has important cybersecurity implications”, she said.
Continuing, Malize disclosed that FITC Thinknnovation Cybersecurity conference was designed to tackle the rise in cybercrime by equiping Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and their teams to establish cybersecurity as an enterprise-wide service..
In a report by the Center for Strategic and International studies, it was stated that “Financial institutions are leading targets of cyber attacks. “Banks are where the money is, and for cybercriminals, attacking banks offers multiple avenues for profit through extortion, theft, and fraud, while nation-states and hacktivists also target the financial sector for political and ideological leverage.”
“Regulators are taking notice, and implementing new controls for cyber risk to address the growing threat to the banks they supervise. The Strategic Technologies Program studies the evolution of cyber threats to the financial system and legal and regulatory efforts to strengthen its defenses,” the report said.
Chairman of the FITC Board and Central Bank of Nigeria (CBN) Deputy Governor Financial System Stability CBN, Mrs. Aishah Ahmad in her address also stated that there has been a lot of focus on financial institutions because of their interconnectedness.
“We have also seen cyber incidents attacks on other critical infrastructure like pipelines in the US, hospitals in Germany, and so on around 2020 and we are not immune from these attacks in our country as well. The major countries in Africa that experienced cyber-attacks are large countries like South Africa, Nigeria, and the likes, but we saw an explosion of these attacks during and after the Covid-19 pandemic. However, these attacks have been largely unsuccessful, and we will continue to learn from these incidents”, she stated.
Furthermore, Mrs. Ahmad stated that organizations should focus on: having a cybersecurity policy administered at the board level; conducting desktop exercises, and sharing threat intelligence. Additionally, financial institutions should be mindful of smaller unlicensed third-party service providers. They should also look at the employees and users of financial institutions to create awareness.
Highlighting the issue of the vulnerability that comes with cyber-attacks even on individuals, the Keynote Speaker at the conference, CEO/Founder of Resolut Consulting, Canada, Daniel Monehin stated, “when you are attacked, data that you don’t even need or have ever accessed – these hackers gain access to it and if they have useful information that can be compromised, that’s it!” .
He said people easily recognize the threats of physical security, but often underestimate the risks of cybersecurity and that’s why people put things in place to ensure physical security, like the high walls, gates, CCTV, access codes, and so on, but there aren’t multiple measures like this, taken against imminent cyber-attacks.
According to the World Economic Forum’s Global Risk Report of 2022, ransomware attacks have increased by over 435 per cent since 2020.
Monehin who added that cyberattacks have become much more aggressive and more widespread also stated that, crypto is the currency of choice for hackers, and in 2020 alone over $400 million worth of crypto was paid out to hackers, and today, hacking is now a service where cyber mercenaries now offer ransomware attacks as a service to other criminals.
Speaking further on how companies and organisations can build cyber resilience, Monehin stated that there are three things that organisations should focus on to build cyber resilience, and they are cooperation, creation and cultivation. He said companies should cooperate, not compete citing the examples of Europay, MasterCard and Visa cooperating to create the EMV chip. He said NIBSS as an organization can drive this initiative of bringing everybody together in Nigeria.
Representing the CEO of Nigeria Interbank Settlement System (NISS), Premier Oiwoh, the Chief Risk and Compliance Officer, NIBSS Temidayo Adekanye during his goodwill message spoke on the measures to curb cyber-crime.
He stated that organisations must be constantly collaborative and innovative if we are to fight against the menace of cyber-attacks. “We must make sure that we are consistently ahead of them. We must constantly change and challenge all assumptions, test our infrastructure, our people, and processes.
Also, we must contend with supply chain attacks, and AI-based spear phishing” he stated. Recently we have seen an increase in cyber-crime as a service. There are actors out there offering their service for a price within Nigeria, becoming a standard business model with attacks and tactics evolving dramatically. “Let us not forget the human elements; the human factor is still the number one entry point in more than 80% of its occurrences”, he added.
During the plenary sessions over the course of the two-day conference, several discussions took a deep dive into the issues facing cybersecurity adoption in this part of the world, some of which include bringing things up to speed, such as highlighting that focus should be on simplification, in order to build trust and aid effective dialogue with the board in organizations; by simplifying and designing processes, systems, and defining roles with human vulnerability in mind, to make digital estate become less complex, and this makes it more securable.
Also, simplifying communication; by translating cybersecurity vulnerabilities and issues into the language the business leaders understand, such as the economic realities, by linking cyber risks to business risks, will likely get their support. Simplifying third-party arrangements is also very important; therefore it is important to work with only partners that foster secure behaviors and shape organizational culture. On the long run, this helps to build trust with the business’ users/clients. The importance of documentation can also not be overemphasized, every request and approval process must be recorded in black and white.
Research reveals that the future of Cybersecurity is Neurodiverse. To leverage the power of neurodiverse talents, boards and leaders must rethink work and resourcing arrangements, rework KPIs to carefully suit each talent, to encourage the diverse capabilities and unique skills that each talent brings to the job, embrace neurodiverse leadership by encouraging diverse perspectives.
Collaboration, even across organizations is key. Leveraging threat intelligence and seizing the learning opportunities presented in the incidents experienced and those shared by industry peers, will lead to greater wins in the industry, as opposed to competing, especially because of the peculiarity and diversity of the issue of cyber-crimes.
The two-day cybersecurity conference brought together over 26 industry leaders, CISOs, CEOs and professionals as speakers, including Doyin Odunfa, MD/CEO Digital Jewels; Nkiruka Joy Aimienoho, Associate Risk Assurance Services & Cybersecurity Lead, PwC; Olusola Odediran, Ag. CISO, NIBSS; Alexander M.C Anago, Ambassador & Chief Data Officer, Institute of Information Management; Dr David Isiavwe, President, Information Security Association Africa; Oge Udensi, Regional Director, Cyber Governance SMBC; Lansana Daboh, Risk and Monitoring Officer, Inter-Governmental Action Group Against Money Laundering in West Africa (GIABA); Abdulkadir Suara, Deputy CISO, Union Bank of Nigeria, Chimaobi Ezeibe, Partner, Technology Risk Consulting, KPMG, Canada; Fatimah Adelodun, Information Security Manager, Nigeria Bulk Electricity Trading Plc; Opeyemi Onifade, Practice Leader, Afenoid Enterprise Limited; Oyawiri Oghenefovie, CISO, Standard Chartered Bank, Nigeria; Jude Anietie, Senior Manager, Information Security, MTN Group; Zechariah Akinpelu, CISO, Unity Bank Plc; Kelly Orijude, Cybersecurity Manager, Ernst & Young; Dr Blaise Ijebor, Director, Risk management , CBN; Okechukwu Umenao, HOD, Office of the Chief Economist, SEC; Johnson Alabi, Senior Manager, Financial Reporting Council of Nigeria; among others in a total of five plenary and 2 breakout sessions.
Malize said the aim of the conference is to provide a roadmap to identify risks deeper, grow enterprise-wide risk appetites, identify risk gaps and make better decisions about bridging the gaps. It is here to better equip professionals to create sound policies, standards, and frameworks for cyber risk management. The conference also provides insights on governance and regulatory requirements. All of these have proven absolutely necessary to the successful implementation of Cybersecurity around organizations and the world at large.
As the world-class, innovation-led and technology-driven knowledge organization, FITC in collaboration with the Nigeria Interbank Settlement Systems (NIBSS) developed the ThinkNnovation Cybersecurity Conference, which has held every year since 2020, as a part of its continued commitment to enhance industry knowledge and provide a platform where stakeholders from around the world in the financial services and other sectors of the economy discuss salient issues on post-pandemic cybersecurity developments and how organizations can build cybersecurity resilience in an increasingly interconnected world.