By Modupe Gbadeyanka
An urgent review of the National Cybersecurity Protection Act of 2015 has been called for by the Information Security Society of Africa, Nigeria (ISSAN).
According to the cybersecurity stakeholders, the review will make the law meet the current realities as it will capture the latest trends in the industry.
Speaking at the Quarter 1, 2022 ISSAN Cybersecurity Conference themed Payment Systems Platform Security in Lagos, the president of ISSAN, Dr David Isiavwe, said as the COVID-19 pandemic is gradually easing out, organisations are now settling for a hybrid way of working and providing services for customers while being mindful of the enlarged cyber threat.
He noted that new forms of attacks are being contrived and implemented by criminals through various means on individuals, nation-states and corporate bodies, stressing that cyber security gatekeepers are not spared as large sums of money are usually at risk in every successful attack.
“What we see on the horizon is that Business Email Compromise (BEC) attacks are becoming alarming; Ransomware attacks are not relenting. There are more phishing and password targeted attacks.
“Denial of Service (DoS) and Distributed Denial-of-Service (DDoS) attacks remain a growing problem. The loss globally is colossal. In Africa, Nigeria is expected to lead in terms of estimated loss due to our size. There is, therefore, the urgent need to brainstorm on how to keep payment systems platforms safer,” he said.
For a way forward, Dr Isiavwe, who is also a General Manager at Ecobank Nigeria, emphasised that banks and organisations need to be proactive, keep customers educated and updated on new threats and trends in cyberspace, automate and continuously monitor their systems and infrastructure, and also place a high premium on artificial intelligence, machine learning, robotics, and data analytics.
In his keynote address, Director, Payment System Management Department, Central Bank of Nigeria (CBN), Mr Musa Jimoh commended the activities of ISSAN on enhancing a safer and secured payment ecosystem, stressing that the apex bank is committed to initiatives that would promote and enhance payment system security to check cyber fraud in the nation’s financial system.
He maintained that the financial sector cannot afford to fail as the payment system is vital to the functioning of any economic system.
According to him, “Data security is important for customers and a tool for financial inclusion. Banks are the custodian of customers’ information based on trust and should therefore put structures in place to prevent breaches and information theft. They should not compromise customers’ credentials as it would give cybercriminals access to defraud them.”
Mr Jimoh further stated that the entrance of Fintechs to the financial landscape has engendered stiffer competition, noting that “all responsible officers in charge of information security in organizations should keep track and always check and see the right things are done for the entities that are allowed to connect to their infrastructure.
“Banks should address infrastructure deficiencies, ensure operational resilience, introduce second or multi-factor authorisation, ensures banking payment infrastructure are formidable, address privacy violations, carry out end to end encryption to protect stored data, and also adhere to KYC provisions to avoid terrorism financing and money laundering.”
In her technical presentation, Managing Director, CreditRegistry Plc, Dr Jameela Ayedun, recommended a collaborative approach by banks, CBN, government agencies such as National Identity Management Commission (NIMC), Nigerian Communications Commission (NCC), Nigeria Inter-Bank Settlement System (NIBSS) and others to enhance cyber security.
According to her, “Cyber security is the responsibility of all. The cybercriminals are still on a rampage therefore we must protect our payment systems and not give anything to chance.
“We must educate our consumers and should not be a silent victim. The payment service providers must have the basic requirements. The government also has a role to play in this regard. We should emphasise the privacy and integrity of our payment systems.”
Also, in his technical presentation titled: Anatomy of the New Fraudsters – A Nigeria Perspective, Head, Growth and Partnership – West Africa, BPC Technologies, Emmanuel Obinne, observed that cyber frauds transcend borders and boundaries. He gave a rundown of different types of frauds and maintained that relevant cyber laws should be put in place to check cyber criminality.
According to him, “Fraud management is a journey and not a destination. Proper laws should be in place to punish cybercriminals. Organizations should regularly upgrade their payment systems and security to avoid vulnerability. This will also fast track authorization and authentication of transactions. Second-factor authorization is also important to check fraud. The customers must constantly be educated to make them have more confidence in the payment system.”
Other panellists at the hybrid summit were Chairman, Association of Chief Audit Executives of Banks in Nigeria (ACAEBIN), Yinka Tiamiyu; Chief Information Security Officer, Heritage Bank, Ighoakpo Eduje, and Managing Partner, Technology Advisors LLP, Basil Udotai. The session was moderated by the Head, Internal Audit, FBN Holdings, Dr Bode Oguntoke.