Cybersecurity risks and e-fraud have continued to ravage global economies and businesses, with emerging market worst hit due to weak corporate governance and processes. To get more businesses and financial institutions to know more about the rising trend and ways to curb it, FITC/Nigeria Interbank Settlement System (NIBSS), held a Virtual ThinkNnovation Cybersecurity Conference where stakeholders shared knowledge and insights on curbing the increase in cybercrime. The conference drew industry experts and thought leaders in Cybersecurity, Technology and Financial services and regulators within and outside Nigeria to discuss avenues where the Nigeria Financial Services Sector can upscale its capacity to tackle emerging challenges in the Nigerian and African cybercrime space.
With the global digitization and shift towards a more connected tomorrow, cyberattacks and risks stemming from these innovations have increased in frequency and impact. The advent of telework arrangements necessitated by the COVID pandemic has seen cybersecurity risks rise significantly with current defences being challenged and weaknesses being exposed. Combined with the expanding threat landscape, organizations are seeing a steady rise in the number of security breaches, with many organisations experiencing stealthy, sophisticated, and targeted cyberattacks. The gap between cybersecurity risk and defensive effectiveness is now as wide as it has ever been for most companies.
As the number of cyberattacks increase, and take more time to resolve, the cost of cybercrime continues to rise. Organisations are now faced with an evolving and fluid threat landscape with cross jurisdictional actor parties that target every vulnerability.
FITC, Nigeria’s leading knowledge curating and performance improvement firm for the financial sector, in its zeal to bridge the gap between cybersecurity threats and defences, while demonstrating its technology-driven and innovation-led approach to value creation, collaborated with Nigeria Interbank Settlement System (NIBSS) to bring to stakeholders Africa’s largest virtual cybersecurity conference with the theme: Combating Cybercrime: Strategies for Strengthening Emerging Markets. The event attracted experts from across different sectors of the economy including Central Bank of Nigeria (CBN) Deputy Governor Financial System Stability, Ms. Aishah Ahmad CFA, Deputy Managing Director, NIBSS, Niyi Ajao, Chief Information Security Officer at FirstBank, Harrison Nnaji, Dr. Obadare Adewale Peter, Co-Founder and COO, Digital Encode, Chief Information Security Officer, Zenith Bank Plc, Festus Amede, NIBSS, Chief Information Officer at NIBSS, Wunmi Faiga, and the Security and Compliance Specialist at Microsoft, Somi Ochuba. Others are Keynote speaker, Senior Director, Supervisory Guidance, Toronto Centre, Phang Hong Lim and representative of CBN Payments Departments, Isaac Adeleke, Christopher Wilson, Senior Financial Sector expert in IMF, Partner/Head, Cyber Risk Services Deloitte, West Africa, Tope Aladenusi, Chief Information Officer at Access Bank, Favour Femi-Oyewole and Wema Bank CEO, Ademola Adebise, among others.
The seven (7) hours conference was attended by over 1000 delegates across five continents, 30 countries and 300 organizations. The conference’s virtual platform using AI technology mimicked and, in some cases, enhanced the experience beyond that of a physical conference. There was a networking arena, meeting lounge, exhibition booths, sponsors lounge, leadership boards and many more match making features that created a world-class experience for delegates.
Some of the major topics discussed include – Cybersecurity and Digital Transformation: Challenges for Emerging Markets; Cybersecurity and IT Infrastructure Protection; Cybersecurity and Financial Services: Imperatives, Risks and Control; Building Cybersecurity for Financial Services Growth; among others.
In her opening remarks, Managing Director /Chief Executive Officer FITC, Ms. Chizor Malize, said the programme is for collection and documentation of new knowledge in the areas of cyber security and finding new ways of tackling the menace.
She intimated that the FITC/NIBSS partnership has come to stay, saying the organisation is extremely delighted and proud of the engagements and thanked all the participants from across the globe.
According to her, FITC as an organization driven by technology and innovation is delighted to have organized the largest of such engagement on cybersecurity in Africa.
Read also: 86% of Nigerian organisations fall victim to public cloud cybersecurity incidents
‘’For over 15 years, FITC has published survey findings on Fraud and Forgeries cases in the Banking Industry, insights from this quarterly publication highlights the issue of cybercrime and the imperatives for players in the industry to build cybercrime fighting capacity relevant for today’s sophisticated digital world
This edition of the conference brings together thought leaders, industry experts and professionals representing the financial services, technology, and telecommunication firms from across Africa and six continents of the world.
In this age of digital transformation, there are hardly any process in businesses and personal lives that are not supported by IT. Information technologies dominate our everyday lives bringing a rise in cyber incidents. This has made cyberthreats and attacks increasingly frequent, sophisticated, and destructive globally.
Some of the increasing risks and threats facing organizations emanate from social engineering, ransomware, and security risks from IoT which necessitates integration and interoperability of devices. It also includes cloud misconfiguration and, in some cases, general data protection regulations and compliance that further exposes organizations with global operations. The COVID-19 pandemic also further exacerbated the level of cyber attacks in 2020’’.
According to her, organized crime groups have shown themselves more ruthless and entrepreneurial, repurposing phishing, attacking infrastructures, and building fake websites with recorded increase in scam. Businesses, corporate organizations, States and Nations are now more exposed to cyber threats and attacks than ever before. The financial services sector seems a perfect bed for hackers as financial institutions contain information that spans everything a cybercriminal wants all wrapped in one place: from bank accounts, financial details, to identity data.
Also speaking, CBN Deputy Governor Financial System Stability, Ms. Aishah Ahmad CFA, said the financial services sector is particularly susceptible to cybercrime given its crucial role of financial intermediation in a highly connected financial system. Aside significant financial losses, the sector is also exposed to potential compromise and loss of customer data, and disruption of operations, which undermine stakeholders’ confidence in financial system stability.
‘’The challenge of banking product security and abuse is impacting the adoption of products. If people find out that digital channels are getting more secured and that there are opportunities they can leverage when they have challenges, there are more chances that they will embrace the channels.
Cyber related risks have been a systemic concern for stakeholders since the turn of the century. The deepening integration of digital technologies into almost every facet of people’s lives has transformed the way they communicate, socialize, learn, do business and conduct financial transactions.
With over 50 per cent of the world’s population online and about one million joining each day; and two thirds owning a mobile phone linked to the internet; rampant spread of fifth generation (5G) networks, quantum computing and Artificial Intelligence, these risk exposures can only better be imagined.
Furthermore, as the world switched to social distancing and remote working, remote learning, remote shopping and electronic financial transactions, due to the impact of the covid-19 pandemic, more opportunities have opened for cyber criminals to prey on unsuspecting citizens and businesses’’
Ahmad said the use of online scams, phishing mail, disruptive malware, data harvesting malware and malicious domains, several which are laced with COVID-19 related themes to defraud bank customers is on the rise.
She said that Interpol’s August 2020 report on the cybercrime COVID-19 impact revealed that cyber criminals are developing and boosting their attacks at an alarming rate, exploiting the fear and economic uncertainty created by COVID-19 pandemic.
Speaking further, Ahmad said the CBN is committed to strengthening its regulatory and supervisory framework to boost the resilience of the financial system against cybercrime.
The apex bank, she added, issued a Risk Based Cyber Security Framework for deposit money banks and payment service providers in 2018 which amongst others prescribes annual cyber resilience self-assessments for proactive identification and remediation of weaknesses and mandatory incident reporting to normalize sharing of best practices across the industry.
“It is gratifying to note that most Nigerian banks have in place Security Operation Centers (SOCs) in line with global best practices, others have been encouraged to follow suit, whilst the CBN has also commenced the development of an industry wide SOC – CBN Cybersecurity Fusion Centre (C2FC) – to serve as a shared service platform for the Financial Sector providing cyber intelligence gathering, analysis, dissemination and crisis response,” she said.
Deputy Managing Director at NIBSS, Niyi Ajao, said the programme is crucial for the industry, as a way to guide industry wide cybersecurity development.
“We will continue to educate and inform stakeholders about cyber fraud threats to protect the system. We will keep partnering with stakeholders to share experience, and the participants to put what they learnt in practice to bring benefits to the industry and their companies,” he advised.
Ajao spoke on the theme: Cybersecurity and Financial Services: Imperatives, Risks and Controls. He stated that e-fraud is increasing due to increase in financial inclusion and e-payment adoption. He also added that from basic technology to AI, tools are readily available to rogue players who are after unauthorized access to data.
He said that Nigeria fraud analysis shows a moderate shift towards web and mobile channels, with the total number of attempted frauds up 104 percent year-on-year.
In his Keynote address, Senior Director, Supervisory Guidance, Toronto Centre, Phang Hong Lim, shared proven roadmaps to a more cyber resilient financial sector. He emphasized the imperatives for banks to develop an effective control and response framework for cyber risk including the implementation of general sound risk management practices to provide baseline cyber hygiene.
On the practical approach financial regulators can take to cultivate and promote cyber resilience, Mr. Phang Hong Lim stated that regulators in some jurisdiction favour a ‘principles’ based approach – where cyber issues can be handled with existing regulations relating to technology and operational risks, while others apply a more ‘prescriptive’ framework – where specific regulatory structure is needed to deal with the unique nature of cyber risk. Christopher Wilson, Senior Financial Sector expert in IMF, said supervisors can encourage enterprise risk management for organizational operations. He said supervisors can have a role in implementing and recognizing cyber risks and that companies should adopt ISO to boost their defence mechanisms.
Wema Bank CEO, Ademola Adebise, who was one of the speakers at the second plenary, shared that the bank started ALAT in 2017 and had known that cyber threats will occur. The bank, he added engaged a Chief Information Security Officer and took governance issues seriously ensuring that the CIO reports to the MD and risk management committee presents regular report to the board.
The Chief Information Officer at NIBSS, Wunmi Faiga, who was one of the speakers at the third plenary, said that people should be risk aware. The risk segment of the organisations should pay attention to the insider threats adding that some of the crimes are aided and abated by internal stakeholders.
She said that controls should be extended to homes as people have started working from home.
On third party risk, she said that it is a cashless world, and there’s demand for quick realtime services and that third party risk assessment is very critical for NIBSS, adding that all third parties connected to organizations should have the right governance.
Also speaking, Chief Information Security Officer at FirstBank, Harrison Nnaji, said there are two broad components in the financial services sector: the brick and mortar- over the counter transactions and digital transactions. He said that over the last decade, there have been migration to the digital platforms.
“You will not be surprised, that today, there are still some people that do not have payment cards because of fear. You have a situation where customers actually in the real sense do not need security, they need confidence in the digital products that banks offer,” he said.
According to him, financial service providers are expected to make sure that the products they put up are secured enough.
Co-Founder and the Chief Operating Officer of Digital Encode Limited, Obadare Adewale Peter said there is nothing like 100 per cent cybersecurity because any system can be digitally invaded. “You need to be able to take charge of architecture, design, implementation and operation of your security to be able to secure your systems. In building cyber security, a company’s chief information officer (CISO) needs to look beyond technology, and strike balance between the people, process, and technology. As a CISO, one needs leadership, material, and financial skills to build stable and robust technology. The CISO is expected to be dealing with a lot of stakeholders in the company and needs to be versatile,” he said.
Read also: What we learnt from American Business Council shift in consumer behaviour conference
“You need a strategy leadership and governance. You need to put in place operational model and organisation change management. You also need robust risk management framework because cybersecurity is all about risk management. What is very sure is that you need to understand the type of risk you are dealing with,” he advised.
Badare said that disgruntled employees and poor governance can cause data leakage and hacking. “Hacking can be technical, people-based or process-based. Cybersecurity should be prioritized from the beginning to determine the level of vulnerability. There is also need to classify data from public to confidential and the level of exposure for the data differentiated” he said.
Chief Information Officer at Access Bank, Favour Femi-Oyewole, added that data breach is top of the challenges for banks. For her, every organization is looking around best ways to solve emerging challenges in cybersecurity. “We have also seen insider abuse, and collusion with external fraudsters. We are also watching for patterns of people behaviours. There is also third-party risk among other issues,” she said.
Chief Information Security Officer, Zenith Bank Plc, Festus Amede, said that rapid adoption of technology without adequate defence mechanism and pressure on financial institutions to keep costs low remains a major challenge facing the adoption and deployment of digital products.
“Most emerging markets have their data centre in-house, only very few are in the cloud. Even though cloud is where to be, you need to prepare before migrating to the cloud. Account hijacking is also a major concern, especially with people using unsecured channels because of the challenges to grow the numbers. Using channels like USSD exposes bank customers a lot, as their SIM cards can be swapped, or your PIN harvested through phishing among other means,” he said.
Security and Compliance Specialist at Microsoft, Somi Ochuba, explained that as businesses embrace digital transformation, and compete with companies trying to develop their own technology, they would need to develop new digital capabilities using data and information. Data and information are the lifeblood of organizations, but they also attract criminal activities. Data protection is key as there are over seven billion internet connected devices in the world, excluding laptops and devices, which are sources of vulnerabilities.
“At Microsoft, we approach these challenges in two ways, there is the Microsoft advantage, and there is the Microsoft approach. Over 95 per cent of Fortune 500 companies run on the Microsoft cloud. We make significant investment into security operations. We invest over $1 billion in security every single year. We process over eight trillion signals everyday across emails, androids, apps, among others. The signals we have give us insight that we use to provide tools that customers need to protect their operations”.
Partner/Head, Cyber Risk Services Deloitte, West Africa, Tope Aladenusi, said digital transformation is now a common concept, with blockchain, internet of things, among others. He said technology has come with challenges. He said many compromise on bank operations and services meant for end users. He reiterated that companies must upgrade all their interfaces, servers and systems they have to keep them secured.
According to Aladenusi, many companies pay little or no attention to cyber risks, enforcement of legal framework and government regulation are not sufficient.
CBN representative of Director, Payment System, Isaac Adeleke, said the CBN has identified third party risk as key in tackling cyber risks. He said banks are expected to report fraud attempts, and there are structures to strengthen banks’ technology. The Bankers’ Committee is also helping to fight e-fraud. He said the CBN wants to ensure that banks comply with the national data protection Act.
Head, Product, and Innovation Flutterwave, Azeez Oluwafemi stated that there was need to educate and protect users from cyberattacks. He said that in building products and services, security should be considered.
Feedback from participants showed that the Conference was very insightful and impactful. One of the participants, Joshua Attahgani, of Federal Mortgage Bank, said the conference was a great experience. “It has been an interesting and engaging conference. The speakers displayed great depth of knowledge and shared roadmaps on how leading organisations have built cyber resilience for business sustainability,” he said.
According to Ruth Didam, Head of Learning, Bank of Agriculture, the conference was one of her best virtual event experiences. “The cyber security conference was so super amazing, insightful, and revealing. FITC was able to take virtual learning to another amazing level. Looking forward to the 2021 conference.”
About FITC
FITC is a world-class innovation-led knowledge and professional services firm providing cutting edge Learning, Consulting, and Research Services to clients within and outside Nigeria. FITC was established in 1981 as a non-profit organization limited by guarantee to provide capacity building and serve as a knowledge hub for the Nigerian Financial Services Sector. The organization is owned by the Bankers Committee, i.e. CBN, NDIC, and all deposit money banks in Nigeria.
For over three decades FITC has been at the forefront of innovative knowledge offerings designed for an array of C-suite executives, directors of banks and other financial institutions. FITC is a recipient of the International Federation of Training & Development Organizations (IFTDO) ‘Change Agent in Learning and Development in Africa’ Award.
About NIBSS
Nigeria Inter-Bank Settlement System Plc (NIBSS) was incorporated in 1993 and is owned by all licensed banks including the Central Bank of Nigeria (CBN). NIBSS has put in place modern world-class infrastructures for handling inter-bank payments to remove potential bottlenecks associated with inter-bank funds transfer and settlement. The company also operates the Nigeria Automated Clearing System (NACS) which facilitates the electronic clearing of cheques and other paper-based instruments, electronic funds transfer, Automated Direct Credits and Automated Direct Debits. NIBSS also operates the Nigeria Central Switch which interconnects all banks and other licensed payments service providers to provide interoperable services, including the Digital Bank Verification Number scheme. The company continues to lead in providing innovative services and remains at the forefront of championing fin-tech future in Africa.
