Cybersecurity Awareness for Financial Institutions in Nigeria
What is Cybersecurity?
Cybersecurity is the organization of technologies, practices, and techniques designed to protect networks, devices, programs, and data from harm, attack, malware, viruses, hacking, theft of data, and unauthorized access.
Cyber-attacks against financial institutions are a growing threat globally, including in the Nigerian financial sector. A Business Day report on February 16, 2021, states that Nigerian banks lost N3.5 billion to fraud-related incidents between July and September 2020, representing a 534-percent increase from the same period in 2019, when it was N552 million.
Also, the Nigeria Inter-Bank Settlement System (NIBSS), in its latest Industry Fraud Report, found that the highest number of fraudulent cases (35.5% of the total) were committed on the web channel, that is, in transactions done using a web browser. Transactions done over phones were responsible for a loss of N410 million, at 11.7 percent of the entire loss value.
In efforts to curb the growing threats, the Central Bank of Nigeria (CBN) has issued guidelines for improved Cybersecurity in the Nigerian financial sector, especially among the Other Financial Institutions (OFIs), setting January 1, 2023, as the deadline for compliance by all impacted institutions.
Some Common Cybersecurity Threats Faced by Financial Institutions
Phishing
Phishing (pronounced fishing) is the practice of impersonating a trustworthy person in electronic interactions to obtain sensitive information, such as credit card or debit card numbers, for malicious purposes. Phishing schemes targeting online banking have continually improved. They make themselves look genuine, yet they deceive you into giving them your access information.
Insider Threats
An insider threat is a security risk that originates from within the targeted organization. It typically involves a current or former employee or business associate who has access to sensitive information or privileged accounts within the organization's network, and who misuses this access. According to the Cybersecurity and Infrastructure Security Agency (CISA), 60% of data breaches are caused by insider threats.
Spoofing
This is one of the latest forms of cyber threats faced by financial institutions. The attackers imitate a bank's website with a site whose URL resembles the original and which works the same way. When a customer enters his or her login details, the attackers steal the credentials and use them later.
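A defender can screen hostnames seen in proxy logs, reported emails, or newly registered domain feeds for lookalikes of the bank's real domain. The sketch below is an added example, not part of the original article; `examplebank.example`, the brand label, and the small confusables map are constructed placeholders, and the registrable-domain logic is a stated simplification.

```python
import unicodedata

LEGIT_DOMAIN = "examplebank.example"  # constructed placeholder, not a real bank
BRAND = "examplebank"                 # constructed brand label

# Small illustrative map, not the full Unicode confusables table.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "0": "o", "1": "l", "3": "e", "5": "s",
})

def skeleton(host):
    """Collapse lookalike characters so visually similar hosts compare equal."""
    host = unicodedata.normalize("NFKC", host.strip().lower().rstrip("."))
    if "xn--" in host:  # punycode label: decode to the Unicode the user sees
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # malformed punycode: keep the raw form
    return host.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    raw = host.strip().lower().rstrip(".")
    if raw == LEGIT_DOMAIN or raw.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    skel, legit = skeleton(raw), skeleton(LEGIT_DOMAIN)
    if skel == legit or skel.endswith("." + legit):
        return "homoglyph lookalike"
    # Assumption: the registrable domain has as many labels as LEGIT_DOMAIN
    # (a production check would use the Public Suffix List).
    tail = ".".join(skel.split(".")[-legit.count(".") - 1:])
    if edit_distance(tail, legit) <= 2:
        return "typosquat"
    if BRAND in skel:
        return "brand in foreign domain"
    return "unrelated"

if __name__ == "__main__":
    for h in ["www.examplebank.example", "examp1ebank.example", "examplebnak.example"]:
        print(h, "->", classify(h))
```

Hosts classified as anything other than "legitimate" or "unrelated" are candidates for blocking, takedown requests, or customer warnings after manual review.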
Ransomware
Ransomware is a type of malware used to prevent a user or organization from accessing files on a computer. During a Ransomware attack, cybercriminals lock out victims from their computers by encrypting them with malware. Only after a ransom is paid can the damage be reversed.
Ransomware attackers use different extortion techniques to force victims into paying a ransom. The most common one is posting increasing amounts of illegally obtained sensitive information on forums until a ransom is paid.
Unfortunately, these extortion techniques work very well against financial institutions because of the strict regulations they are subject to, which demand exceptional resilience to cyberattacks and data breaches.
Cybersecurity Best Practices for Financial Institutions
Establish a Cybersecurity Policy
A cybersecurity policy governs a company's cybersecurity efforts. It outlines the steps your business must take and the resources it must use to protect its valuable assets from cyberattacks, acting as a single point of reference. Having a documented cybersecurity policy in place makes it easier for banks to establish an efficient cybersecurity routine and to maintain good data protection over the long term.
Regularly Assess Risk
Identify the potential insider threats, cyberattacks, and third-party-related risks that could lead to the compromise of sensitive data. Be sure to take into account risks related to information systems, data processing, storage, and exchange. Determine whether your cybersecurity measures are adequate to respond to cyberattacks and system failures based on the risks that have been identified.
Limit Access to Critical Assets
You can greatly reduce the danger of a security breach by limiting the number of persons who have access to sensitive information. You can apply the principle of least privilege, which means granting each employee in your business only the access privileges necessary to perform their job requirements, to reduce the likelihood of privilege abuse.
Verify User Identity
Insecure user authentication can result in unauthorized access, data theft, the installation of malware, fraud, and other undesirable effects.
The fundamental idea of zero trust must be adhered to, and user identities must constantly be verified. Multi-factor authentication (MFA), which is a requirement of most cybersecurity standards in financial institutions, is one approach to accomplish this.
Have a Good Incident Response Plan in Place
Every financial institution should have a comprehensive incident response plan (IRP) in addition to a cybersecurity policy. This document should include clear response scenarios for cybersecurity incidents that could occur in your organization. A written IRP will guide your security team's activities in an emergency.
A cybersecurity incident response plan (IRP) should outline what constitutes a cybersecurity incident, what steps must be taken in the event of one, how to recover lost data or repair damaged systems and any other relevant information that may be necessary to help you minimize the effects of an incident. It should also specify whom to call and notify first in case of an occurrence and clearly outline the duties within your incident response team.
Have Cyber Insurance in Place
Cyber insurance is a critical part of a cybersecurity strategy since it ensures that a company will be financially safe in the case of a cyberattack.
Cyber insurance firms inform clients of violations not only to keep legal costs in check but also to ensure that businesses abide by data breach laws. Additionally, cyber insurance will assist in covering the cost of replacing broken systems and restoring lost data.
Creating Cybersecurity Awareness
Financial institutions should occasionally train their employees on current cyber trends such as popular attacks, measures to protect their organizations, good password hygiene, and various phishing techniques.
Also, organizations should educate their customers on cybersecurity awareness. They can do this by regularly sending them emails and SMS on trending cyber-attacks.
Conclusion
The financial sector is one of the most highly regulated because banks and other financial institutions handle customers' private information, social security numbers, and financial records regularly.
To reduce the associated risk in this sector, financial institutions should comply with all applicable laws, regulations, and cybersecurity standards given by regulatory bodies like the Central Bank of Nigeria (CBN).