Bankers explore solutions to rising cyber attacks
The Executive Director of Risk at Access Bank, Mr Kolawole Ajimoko, has advised banks to be proactive in their fight against cyber attacks by actively monitoring and continuously reviewing their processes to be able to defend themselves against attackers.
Advertisement
“Banks have to be a step ahead of the attackers because if the attacker is ahead, then you will be defeated,” Mr Ajimoko said at the second annual cyber security breakfast forum in Accra.
The event was organised by Digital Jewels, an information technology (IT) governance, risk and compliance (GRC) firm with a focus on information security & IT governance.
Speaking on cyber security and banking operations in Ghana, Mr Ajimoko said evidence showed that attackers targeted almost every organisation, hence the need for banks to be proactive.
“Although you think you have done everything, if you are attacked, once your response is swift, then your customers will not suffer,” he said.
The Group Chief Information Officer of Fidelity Group, Mr George Mensah, also observed that financial institutions must become more aggressive in their fight against rising cyber criminals in order to retain the confidence of clients.
“Banks must be aggressive enough in combating cybercrime and the authority or mandate must come from the board level, trickle down to management executives and then to all staff in order to keep clients,” Mr Mensah said.
He noted that the agenda of financial institutions against cybercrime should be how to prepare, detect, resolve and maintain integrity in case of an attack.
“We are not aggressive enough; we need more focus, more attention, more budgetary allocation and improve on the way we do things and the way we see this threat.
If you do not recognise that you have a threat, nothing will move you to guard against it. There should be a continual aggression because it is with us and we cannot run away from it,” he added.
Focus of forum
The forum, which featured a section of executives from the banking, telecoms and other sectors of the economy, focused on the increasing activities of electronic fraudsters and how organisations can build resilience against such attacks.
It also sought to explore how the implementation of security standards such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO27001, a specification for information security management system could impact the fight against cybercrimes in the financial sector.
The Chief Executive Officer of Digital Jewels, Mrs Adedoyin Odunfa, noted that the spate of attacks and reach are increasing at an alarming rate.
She called for institutions to embrace the global standards that ensured basic security and management of client transactional information and data against ransomware.
Two of these standards, ISO27001 and Payment Card Industry Data Security Standards (PCIDSS), according to her, can help protect systems against basic attacks such as email fraud, phishing and others.
Speaking on the topic ‘Cyber Resilience: Thought Generators’, Mrs Odunfa explained that a cyber-resilient institution is one that has the capacity to withstand attacks or failures – intentional or otherwise– and in such events to re-establish itself quickly back to operational mode.
She added that the benefits of becoming a cyber-resilient institution are immense. “More secure processes and systems, strong controls with a strong control environment, a solid risk culture and a digitised and automated process,” she said.
The Deputy Chief Manager of IT at the Bank of Ghana, Mr Gilbert Addy, noted that the Central Bank was preparing to put in place a 24-hour monitoring system on how people would monitor banking transactions for irregular log-ins.
“The main thing we will be putting in place is what we call the Cyber Incident Event Monitoring System (CEMS), which will be able to pick logs from various sectors because humans have difficulties in picking logs, especially for big banks that generate so much logs.
“The CEMS will remotely check irregular patterns and this makes monitoring and taking action easier,” he said.
