FITC/NIBSS Cybersecurity conference: The need for a robust cybersecurity strategy

Stakeholders have underscored the need for a Robust Cyber Security strategy and Risk Management Financial Services Growth Cybersecurity risks, as e-fraud have continued to ravage global economies and businesses, with emerging market worst hit due to weak corporate governance and processes.

To get more businesses and financial institutions to know more about the rising trend and ways to curb it, FITC/Nigeria Interbank Settlement System (NIBSS), held a Virtual ThinkNnovation Cybersecurity Conference where stakeholders shared knowledge and insights on curbing the increase in cybercrime.

The conference drew industry experts and thought leaders in Cybersecurity, Technology and Financial services and regulators within and outside Nigeria to discuss avenues where the Nigeria Financial Services Sector can upscale its capacity to tackle emerging challenges in the Nigerian and African cybercrime space.

With the global digitization and shift towards a more connected tomorrow, cyberattacks and risks stemming from these innovations have increased in frequency and impact. The advent of telework arrangements necessitated by the COVID pandemic has seen cybersecurity risks rise significantly with current defences being challenged and weaknesses being exposed.

Combined with the expanding threat landscape, organizations are seeing a steady rise in the number of security breaches, with many organisations experiencing stealthy, sophisticated, and targeted cyberattacks. The gap between cybersecurity risk and defensive effectiveness is now as wide as it has ever been for most companies.

As the number of cyberattacks increase, and take more time to resolve, the cost of cybercrime continues to rise. Organisations are now faced with an evolving and fluid threat landscape with cross jurisdictional actor parties that target every vulnerability.

FITC, Nigeria’s leading knowledge curating and performance improvement firm for the financial sector, in its zeal to bridge the gap between cybersecurity threats and defences, while demonstrating its technology-driven and innovation-led approach to value creation, collaborated with Nigeria Interbank Settlement System (NIBSS) to bring to stakeholders Africa’s largest virtual cybersecurity conference.

The event attracted experts from across different sectors of the economy including Central Bank of Nigeria (CBN) Deputy Governor Financial System Stability, Ms. Aishah Ahmad CFA, Deputy Managing Director, NIBSS, Niyi Ajao, Chief Information Security Officer at FirstBank, Harrison Nnaji, Dr. Obadare Adewale Peter, Co-Founder and COO, Digital Encode, Chief Information Security Officer, Zenith Bank Plc, Festus Amede, NIBSS, Chief Information Officer at NIBSS, Wunmi Faiga, the Security and Compliance Specialist at Microsoft, Somi Ochuba and Wema Bank CEO, Ademola Adebise, among others.)

The conference was attended by over 1000 delegates across five continents, 30 countries and 300 organizations. The conference’s virtual platform using AI technology mimicked and, in some cases, enhanced the experience beyond that of a physical conference.

Some of the major topics discussed include – Cybersecurity and Digital Transformation: Challenges for Emerging Markets; Cybersecurity and IT Infrastructure Protection; Cybersecurity and Financial Services: Imperatives, Risks and Control; Building Cybersecurity for Financial Services Growth; among others.

In her opening remarks, Managing Director /Chief Executive Officer FITC, Ms. Chizor Malize, said the programme is for collection and documentation of new knowledge in the areas of cyber security and finding new ways of tackling the menace.

According to her, FITC as an organization driven by technology and innovation is delighted to have organized the largest of such engagement on cybersecurity in Africa. She said,
“For over 15 years, FITC has published survey findings on Fraud and Forgeries cases in the Banking Industry, insights from this quarterly publication highlights the issue of cybercrime and the imperatives for players in the industry to build cybercrime fighting capacity relevant for today’s sophisticated digital world.

“Some of the increasing risks and threats facing organizations emanate from social engineering, ransomware, and security risks from IoT which necessitates integration and interoperability of devices. It also includes cloud misconfiguration and, in some cases, general data protection regulations and compliance that further exposes organizations with global operations. The COVID-19 pandemic also further exacerbated the level of cyber attacks in 2020.’’)

According to her, organized crime groups have shown themselves more ruthless and entrepreneurial, repurposing phishing, attacking infrastructures, and building fake websites with recorded increase in scam.

Also speaking, CBN Deputy Governor Financial System Stability, Ms. Aishah Ahmad CFA, said the financial services sector is particularly susceptible to cybercrime given its crucial role of financial intermediation in a highly connected financial system.

Aside significant financial losses, the sector is also exposed to potential compromise and loss of customer data, and disruption of operations, which undermine stakeholders’ confidence in financial system stability. She said,

“The challenge of banking product security and abuse is impacting the adoption of products. If people find out that digital channels are getting more secured and that there are opportunities they can leverage when they have challenges, there are more chances that they will embrace the channels.

“As the world switched to social distancing and remote working, remote learning, remote shopping and electronic financial transactions, due to the impact of the covid-19 pandemic, more opportunities have opened for cyber criminals to prey on unsuspecting citizens and businesses.’’)

Speaking further, Ahmad said the CBN is committed to strengthening its regulatory and supervisory framework to boost the resilience of the financial system against cybercrime.

“It is gratifying to note that most Nigerian banks have in place Security Operation Centers (SOCs) in line with global best practices, others have been encouraged to follow suit, whilst the CBN has also commenced the development of an industry wide SOC – CBN Cybersecurity Fusion Centre (C2FC) – to serve as a shared service platform for the Financial Sector providing cyber intelligence gathering, analysis, dissemination and crisis response,” she added.

Deputy Managing Director at NIBSS, Niyi Ajao, said the programme is crucial for the industry, as a way to guide industry wide cybersecurity development. He said,

“We will continue to educate and inform stakeholders about cyber fraud threats to protect the system. We will keep partnering with stakeholders to share experience, and the participants to put what they learnt in practice to bring benefits to the industry and their companies.”

Ajao spoke on the theme: Cybersecurity and Financial Services: Imperatives, Risks and Controls. He stated that e-fraud is increasing due to increase in financial inclusion and e-payment adoption. He also added that from basic technology to AI, tools are readily available to rogue players who are after unauthorized access to data.

In his Keynote address, Senior Director, Supervisory Guidance, Toronto Centre, Phang Hong Lim, shared proven roadmaps to a more cyber resilient financial sector. He emphasized the imperatives for banks to develop an effective control and response framework for cyber risk including the implementation of general sound risk management practices to provide baseline cyber hygiene.)

Wema Bank CEO, Ademola Adebise, who was one of the speakers at the second plenary, shared that the bank started ALAT in 2017 and had known that cyber threats will occur. The bank, he added engaged a Chief Information Security Officer and took governance issues seriously ensuring that the CIO reports to the MD and risk management committee presents regular report to the board.

The Chief Information Officer at NIBSS, Wunmi Faiga, who was one of the speakers at the third plenary, advised that people should be risk aware. The risk segment of the organisations should pay attention to the insider threats adding that some of the crimes are aided and abated by internal stakeholders. She said that controls should be extended to homes as people have started working from home.

On third party risk, she said that it is a cashless world, and there’s demand for quick realtime services and that third party risk assessment is very critical for NIBSS, adding that all third parties connected to organizations should have the right governance.

Also speaking, Chief Information Security Officer at FirstBank, Harrison Nnaji, shared that very importantly too, financial service providers need to build confidence in the digital products they offer. They need to make sure the products they put up are well secured.

Co-Founder and the Chief Operating Officer of Digital Encode Limited, Obadare Adewale Peter brilliantly shared that there is nothing like 100 per cent cybersecurity because any system can be digitally invaded. “You need to be able to take charge of architecture, design, implementation and operation of your security to be able to secure your systems. In building cyber security, a company’s chief information officer (CISO) needs to look beyond technology, and strike balance between the people, process, and technology. As a CISO, one needs leadership, material, and financial skills to build stable and robust technology. The CISO is expected to be dealing with a lot of stakeholders in the company and needs to be versatile,” he said.)

Chief Information Security Officer, Zenith Bank Plc, Festus Amede, said that rapid adoption of technology without adequate defence mechanism and pressure on financial institutions to keep costs low remains a major challenge facing the adoption and deployment of digital products.
“Most emerging markets have their data centre in-house, only very few are in the cloud. Even though cloud is where to be, you need to prepare before migrating to the cloud. Account hijacking is also a major concern, especially with people using unsecured channels because of the challenges to grow the numbers. Using channels like USSD exposes bank customers a lot, as their SIM cards can be swapped, or your PIN harvested through phishing among other means,” he said.

Security and Compliance Specialist at Microsoft, Somi Ochuba, explained that as businesses embrace digital transformation, and compete with companies trying to develop their own technology, they would need to develop new digital capabilities using data and information. Data and information are the lifeblood of organizations, but they also attract criminal activities.

According to her, Data protection is key as there are over seven billion internet connected devices in the world, excluding laptops and devices, which are sources of vulnerabilities.

According to Ruth Didam of Bank of Agriculture, the conference was one of her best virtual event experiences. “The cyber security conference was so super amazing, insightful, and revealing. FITC was able to take virtual learning to another amazing level. Looking forward to the 2021 conference.”

Leave a Reply

Your email address will not be published. Required fields are marked *