Banks must examine the state of their security systems, identify gaps and design appropriate mechanisms to counter possible cyber attacks on their operations and processes, the First Deputy Governor of the Bank of Ghana (BoG), Dr Maxwell Opoku-Afari, has said.
According to him, regulatory compliance by banks itself was not cyber security and banks must put robust cyber security systems in place to protect them from cyber attacks.
Speaking at the official launch of the National Cyber Security Awareness Month (NCAM) 2021 in Accra on Friday, Dr Opoku-Afari, said the progressive digitisation of their operations and processes had made them become vulnerable to cyber attacks.
He said, it was therefore, important for banks to put measures in place to ensure that the security of electronic banking products and services were not compromised.
“The onus lies on banks to examine the state of their security systems, identify gaps and design appropriate mechanisms to counter possible cyber threats,” he said.
The First Deputy Governor said globally, cyber attacks on digitised payment products were increasingly becoming sophisticated, especially on financial institutions with insecure Information Technology systems.
“We have witnessed global cyber attacks which resulted in disruptions to some critical financial services and destroyed financial assets and savings,” he said.
He said current trends in cyber security pointed to significant increases in attacks against Critical Information Infrastructure and related organizations that were drivers of national economies such as banks,
He said addressing cyber security risks had become more important than ever and policy makers need to internalize this fact in their discourse.
The First Deputy Governor said it was important for institutions to undertake cyber security related due diligence and assessments, identify proper detective controls, and enforce third party and insider risk programmes to protect and safeguard their working environments from cyber related activities that were not conducive for growth
Dr Opoku-Afari said the BoG had introduced a number of initiatives to strengthen and secure the information security architecture of the banks, to ensure the systems at the banks are robust and resilient.
The directive, he said included the requirement for banks to appoint a Board Committee on Cyber and Information Security, assignment of Director of Cyber and Information Security and appointment of Chief Security Information Officers.
He said the BoG had worked collaboratively with the commercial banks to meet the governance requirements of the Directive, saying “The Directive has facilitated safer digital transformation with the adoption of cloud technologies.”
Dr Opoku-Afari disclosed that BoG had embarked on the Financial Industry Command Security Operations Center (FICSOC) project to help the industry have aggregated visibility into the cyber threat landscape confronting the sector, through monitoring and threat intelligence sharing.
The components of the FICSOC Project, he said included, Security Information and Event Management, Network Traffic Analysis, Threat Intelligence, and Digital Forensic Laboratory.
Dr Opoku-Afari commended the National Cyber Security Authority for institution the NCSAM to bring together players in the cyber security space to share experiences on protecting the country from cyber security threat and attacks.
He pledged that BoG would work closely with the National Cyber Security Authority to monitor trends of cyber security issues in the financial sector and ensure collaborative response to cyber security incidents.
BY KINGSLEY ASARE
