Directors Urged to Develop Capacity on Cybersecurity
Partner, Technology Advisory and Market, KPMG, Mr. Joseph Tegbe, has called on members of boards of various financial institutions to ensure that pay attention to the changing landscape of cybersecurity.
Tegbe gave the advice while delivering a keynote speech at the Bank Directors’ Conference recently, with the theme, ‘Cybersecurity in Banks, The Role Of The Board’
According to him, technology disruption is accelerating and more than half of the world population is on the Internet, with 14.2 billion things estimated to be connected to the internet by 2019 and 21 billion things by 2020. The digital evolution has introduced a new dimension into the enterprise risk landscape - the cyber risk. He, however, expressed fear that most board directors in financial institutions do not attach much importance to cybersecurity.
“In the last few years, cybersecurity has become a key focus in the financial sector. Cybersecurity is a ‘complex’ problem, it is multidimensional, unpredictable and constantly changing,” Tegbe said, and advised board members of financial organisations to give priority to best-in-class cybersecurity measure. While cybersecurity breaches might be fixed, its potential damage on the brand can become very expensive to repair,” he said.
He explained that the various categories of cyber enemy, which he called the enemy from the inside. He said they refer to threats from employees who are either disgruntled or are in pursuit of financial gains through fraudulent means. He explained that threats could also be from competitors or from hacktivist who are attacking for fun or for the purpose of a cause. Another category of cyber enemy according to him, is the state-sponsored category of a cyber attack which can be to sabotage or gain economic or political advantage.
Tegbe said: “The board must develop the capacity to ask the right questions. Cybersecurity should be everyone’s responsibilities. If employees are not well informed they can unknowingly become a back door for hackers. Everyone must stay abreast of the constantly changing world of cybersecurity as there are severe and several vulnerabilities in our environment. Some of them are API interphase fraud, SIM SWAP, BVN compromise, among others.”
“The most common of them is email spoofing, a situation where fraudulent emails are sent using an email address that look like the original ones,” he said, stressing that while a lot of banks invest in the digital strategy, it is important for the digital strategy to align with the cybersecurity strategy.
Addressing the various cybersecurity risks, Tegbe advised financial institutions to establish accountability for cyber risk, protect what matters, identify new cyber threats and risks proactively through threat Intelligence, assess the maturity of the cybersecurity program, manage third party cyber risk and prepare to effectively respond to cyber incidents
Speaking at the event, the Chairman of GTBank, Mrs. Osaretin Demuren said globally, most sophisticated hackers attempt to attack financial institution, but that in Nigeria most of the cybersecurity breaches are more of internal.