CBN asks organisation to administer cybersecurity policy at board levels

The Central Bank of Nigeria (CBN) has urged banks and other organisations to administer cybersecurity policy at the board levels.

Aishah Ahmad, chairman of the FITC board and CBN deputy governor, financial system stability CBN, said this in her address during the third edition of ThinkNnovation Cybersecurity conference organised by the Financial Institutions Training Centre (FITC), in Lagos.

She said this based on rising cybersecurity threats across organisations and added that there has been a lot of focus on financial institutions because of their interconnectedness.

Furthermore, Ahmad stated that organisations should focus on conducting desktop exercises, and sharing threat intelligence and that financial institutions should be mindful of smaller unlicensed third-party service providers. They should also look at the employees and users of financial institutions to create awareness.

The FITC reiterated the rising spate of digital risks fuelled by digitisation of banking services, and urged banks to adopt a cybersecurity framework.

Chizor Malize, FITC managing director/CEO, disclosed this at the conference themed: “Accelerating the adoption of Cybersecurity: Reimagine, Simplify, Grow’, held in Lagos.

She emphasised that digital risk is one of the topmost risks in the world today, post-pandemic and is being fuelled by the rise in digitisation of banking services.

Over the past few years, there has been an increase in cyber threats due to the post-pandemic global acceleration of digitisation across the financial services sector. This unprecedented increase in cyber threats has resulted in significant financial losses to both corporate entities and individuals globally.

To stem this negative trend, the CBN, revised the Risk-Based Framework and Policy Guidelines issued to banks and Other Financial Institutions (OFIs), and mandated banks and other financial institutions to comply with its provisions by January 1, 2023.

Read also: Buhari backs CBN’s currency redesign

“Digitalisation offers a large playing field for the growth of cybercrime. The risks continue to grow high, the threats continue to grow, the attacks become ceaseless, and every single one of us is prone, and while organizations drive the goals to digitise and automate operations, cyber risks proliferate. Every aspect of the digital enterprise has important cybersecurity implications”, she said.

Continuing, Malize disclosed that FITC Thinknnovation Cybersecurity conference was designed to tackle the rise in cybercrime by equipping chief information officers (CIOs), chief information security officers (CISOs), and their teams to establish cybersecurity as an enterprise-wide service.

In a report by the Centre for Strategic and International studies, it was stated that “financial institutions are leading targets of cyber-attacks.

“Banks are where the money is, and for cybercriminals, attacking banks offers multiple avenues for profit through extortion, theft, and fraud, while nation-states and hacktivists also target the financial sector for political and ideological leverage.”

“Regulators are taking notice, and implementing new controls for cyber risk to address the growing threat to the banks they supervise. The strategic technologies programme studies the evolution of cyber threats to the financial system and legal and regulatory efforts to strengthen its defence,” the report said.

“We have also seen cyber incidents attacks on other critical infrastructure like pipelines in the US, hospitals in Germany, and so on around 2020 and we are not immune from these attacks in our country as well. The major countries in Africa that experienced cyber-attacks are large countries like South Africa, Nigeria, and the likes, but we saw an explosion of these attacks during and after the Covid-19 pandemic. However, these attacks have been largely unsuccessful, and we will continue to learn from these incidents”, she stated.

Highlighting the issue of the vulnerability that comes with cyber-attacks even on individuals, the keynote speaker at the conference, CEO/founder of Resolut Consulting, Canada, Daniel Monehin stated, “when you are attacked, data that you don’t even need or have ever accessed – these hackers gain access to it and if they have useful information that can be compromised, that’s it.”