Monday, 13 February 2017

Banks – Susceptible to cyber attacks

Cyber security expert, Albert Antwi-Bosiako, has cautioned banks to take internal cyber security measures seriously as there is a growing trend where insiders are facilitating attacks against institutions they work for. Whilst investing in cyber security measures banks should not only look at threats from the external environment, but also within the house, he said.
“There are also internal challenges too — we may not only think of blocking external attackers, but there is a growing trend where we have insiders facilitating attacks against their very institutions. So, the security approach should be dual, both external as well as internal threat. think we serioulsy need to invest a lot in cyber security measures going forward.”
Mr. Bosiako, at the National Cyber Security Week 2016 in Accra said the country is undergoing massive transformation when it comes to ICT as compared to other sub-Saharan African countries. He said, “Ghana is doing quite well in the ICT sector. Within the last few years, we have seen lot of developments within the sector.” Mr. Boasiako, who is the principal consultant at E-Crime Bureau, said the fact that the banking sector is very amenable to adopting technology makes it more vulnerable to cyber-crime. “Some of the applications that are being deployed to run e-banking systems have not been tested security-wise and the hackers take advantage of it,” he said.
He said the banking industry is losing about US$250,000 weekly due to cyber-crime and banks, and even the regulators cannot keep up. In his opinion, the financial industry in Ghana, is overwhelmed by cyber-attacks, therefore, the industry must invest more to educate users of online banking and conduct proper security assessments of banking apps and tools before rolling them out. “Email fraud is targeting SMEs a lot. SME emails are hacked and fictitious invoices are generated resulting in the payment of monies to fraudsters. With customers not fully prepared for Internet banking, there is a huge vulnerability or risk in the sector.” The Ministry of Communication is expected to present a national cyber security policy and strategy to parliament after Cabinet consideration.He further stated that, “The governance level, we expect CEOs to show major interest; that is the driving force to be able to get our cyber security infrastructure moving. We need corporate leaders to show the interest in this project. I think it is the central force that can get our industries getting compliance in cyber security practices.” The Bank of Ghana recently said that 80 % of fraud cases which came to light were cyber facilitated. This, Antwi-Boasiako said, moves into millions of cedis in terms of losses in the financial sector, adding that “the millions are not just in financial terms but the breach of care, the investigations cost and losses in terms of reputation. So, we need to invest in order to prevent these losses.”
Ghana’s cyber space is protected by the Electronic Transaction Act, 2008, which seeks to protect consumers against cyber fraud and attacks. The Act seeks to provide for the regulation of electronic communications and related transactions and to provide for connected purposes. The country also has the Data Protection Act, 2012 (Act 843), which provides the legal framework for the protection of personal information. The law provides for the process by which one could obtain, hold, use or disclose personal data while the Data Protection Commission has been established as an independent body to regulate and implement its provisions.
Ghana has also signed a Memorandum of Understanding (MoU) with the Commonwealth Cybercrime Initiative (CCI) on the best approaches needed to deal with the threats associated with Internet use. Ghana is not alone in facing the menace of electronic fraud. In February 2016, instructions to steal US$951million from the central bank of Bangladesh were issued via the SWIFT network – a platform that provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized and reliable environment. Five transactions issued by hackers, worth US$101million and withdrawn from the Bangladesh Bank account at the Federal Reserve Bank of New York, succeeded. Some US$20million of the amount, traced to Sri Lanka, was recovered; while another US$81million, traced to the Philippines, is yet to be recovered. The Federal Reserve Bank of New York successfully blocked the remaining amount of US$850million at the request of the central bank of Bangladesh.
e-crime Bureau is a cyber security and investigation agency which started about five years ago. It offers services such as cyber security, data protection and most importantly electronic related investigation and audit. It has been supporting the financial institutions, the telecom communications, multinational companies and has a strong collaboration with public sector institutions as well as state law enforcement agencies on cyberrelated issues. The company has been supporting institutions who offered e-payment services because of the kind of threats attached to the system.
The company is more interested in preventive measures, as its strategic objective is to be able to support businesses to adopt the best practices to ensure they prevented the frauds targeted at their e-payment platforms. It also offered security assessment and audit, which was key especially on e-payment platforms.

0 comments :

Post a Comment