By Aduragbemi Omiyale
The need for the development of a robust strategy on cyber risks to protect the funds of investors and boost market confidence has again been emphasised by the Director-General of the Securities and Exchange Commission, Mr Lamido Yuguda.
While presenting a paper recently at the Central Securities Clearing System (CSCS) Plc Cyber Securities conference, Mr Yuguda said stakeholders must urgently work on this policy because cyber risks pose a significant threat to market confidence, integrity and efficiency because people’s hard-earned income and other financial instruments are saved and invested in it.
“In the Nigerian capital market, we clearly take issues on cybersecurity very seriously due to the increasing volume of data and information that are stored electronically, coupled with the increased adoption of digitization and digitalization options in processing market transactions on a daily basis.
“Today, more of our market activities are conducted through the use of technology than ever before. While this has significantly raised efficiency levels, it has introduced our market’s exposure to a new set of risks, including cybersecurity risk, which we must recognize and manage,” he said.
The DG said that the experience of the COVID-19 pandemic, which necessitated the activation of business continuity plans through remote operations has further increased the rate at which stakeholders embrace technology and underscores the critical need to protect our systems from existing and potential threats that are present in cyberspace.
Mr Yuguda stated that cyber-attacks on financial institutions are often with the aim of gaining access to sensitive and confidential information for illicit financial gains. With the increased interconnectivity among financial institutions, a cyber-attack from one location or entity may have an impact on the entire system, thereby compromising the functions and safety of several sectors of the economy.
It is in this regard he stated that SEC appreciates the efforts of the federal government, through the Office of the National Security Adviser, in developing the National Cybersecurity Policy and Strategy 2021.
“The policy is focused on achieving its objectives through strengthening cybersecurity governance and coordination, protection of critical national information infrastructure, enhancing cybersecurity incident management, strengthening legal and regulatory framework, enhancing cyber defence capability, promoting a thriving digital economy, and enhancing international cooperation, among others.
“In November 2021, the capital market community received updates from the Office of the National Security Adviser (NSA) at a workshop it sponsored for the Capital Market, and a detailed presentation on the national cybersecurity policy was also made at the Capital Market Committee (CMC) meeting in the fourth quarter of 2021.
“The International Organization of Securities Commissions (IOSCO) to which Nigeria is a full member, has also done considerable work in making its members aware of the increasing risks around Cybersecurity. The IOSCO Board has provided guidance through its ‘Guidance on Cyber Resilience for Financial Market Infrastructures’ report, indicating the various plans or measures that industry stakeholders could adopt to ensure cybersecurity.
“It encourages regulated entities to adopt practices that are appropriate to their unique functions. Nevertheless, it notes that these should cover the identification of critical assets, protection measures and controls to enhance security, detection of abnormal activity or patterns, response plans in the event of an attack, and recovery plans to resume operations.”
He disclosed that the SEC Nigeria is developing policy and regulatory responses to emerging cyber risks in its Rules and Regulations on capital market activities and products that leverage technology, as well as in the Minimum Operating Standards for capital market operators, for which clear provisions for cybersecurity have been made.
He stated that, “Due to the importance of data protection, the Federal Government created the Nigeria Data Protection Bureau (NDPB) in February 2022. The NDPB has issued a Compliance Notice introducing the National Data Protection Adequacy Programme (NaDPAP), which guarantees every citizen of Nigeria a Right to Privacy. This is one of the concerted efforts by the NDPB to create more awareness of the obligations of Data Controllers/Processors under the NDPR 2019.
“Therefore, awareness and action at the national level should spur the various sectors of the economy to protect themselves from cyber threat by ensuring that they adhere to either industry standards or national policy carefully.”
In further recognition of the role technology will continue to play in the markets, the DG disclosed that the commission was set to release its Guidelines on Minimum Operating Standards for Information Technology for Capital Market Operators (CMOs). The guidelines will cover, among other important areas, the Computing Environment, Information Technology/Information Systems Management and Governance, IT Business Continuity and Disaster Recovery.
He assured that the commission, through these guidelines, will encourage the establishment of an Information Security and Cybersecurity Policy to be in place to form part of the Enterprise IT Policy of capital market intermediaries, platforms and other financial market infrastructures.
“Within the guidelines, we expect stakeholders to conduct regular penetration tests at least annually to detect vulnerabilities and check the resilience of their networks and systems to threats and malicious activities.
“Cybersecurity is a critical issue for the financial sector, and the capital market is up to the task of ensuring that it provides the necessary safety nets for investors and stakeholders,” he added.
Mr Yuguda, therefore, stated that the CSCS had come a long way and today stands as a pillar in our market, given the fact that it is a critical and technology-driven market infrastructure, it is not only appropriate but well placed for it to organize discussions around cybersecurity.
Airtel Wins 5G Licence Auction in Nigeria
By Aduragbemi Omiyale
Airtel Nigeria, trading as Airtel Networks Limited, has made payment for the Intention to Bid Deposit (IBD) for the second 5G licence auction of the Nigerian Communications Commission (NCC).
The company, alongside Standard Network, expressed interest in the exercise, but the other bidder did not pay the required fee of $273.6 million on or before the December 5 deadline, as stipulated in the Information Memorandum (IM) guiding the auction process.
As a result, Airtel was announced as the winner of the offer and will join its rival, MTN Nigeria, to roll out 5G services to its subscribers in Nigeria.
MTN Nigeria and Mafab Communication had won the first 5G licence auction, with Airtel losing out because of the fee. However, only MTN has commenced operations, with the other yet to announce when it would roll out its services.
In October, Airtel Africa confirmed that it would partake in the plans of the NCC to auction additional two slots in the 3.5GHz spectrum auction to deepen the 5G network in Nigeria.
At the exercise, according to a statement issued by the Director of Public Affairs at NCC, Mr Reuben Muoka, Standard Network could not meet up with the IBD payment, a development that compelled the agency to announce Airtel as the sole bidder of the spectrum auction.
“The NCC hereby announces that by the close of business on Monday, December 5, 2022, only two companies expressed interest in the auction of the 3.5GHz Spectrum band, namely Airtel Networks Limited (Airtel) and Standard Network & Connections Limited (Standard Network).
“However, only Airtel paid the Intention to Bid Deposit (IBD) as stipulated in the Information Memorandum (IM) whereas Standard Network sent an email appeal for the deadline to be extended by 12 working days which was not acceptable in view of the auction timetable.
“Having met all the provisions in the IM, Airtel has, therefore, emerged as the sole Bidder.
“Consequently, there shall be no further bidding, and the commission will proceed to the Assignment Stage in line with the published Information Memorandum guiding the licensing process,” the NCC said in the statement.
FBNQuest Advises Firms What to do to Manage Rising Cyber-Attacks
By Adedapo Adesanya
As Africa faces the threat of rising cybercrimes, FBNQuest, through its Thought Leadership medium, has called on the need to recognise the strategic importance of managing companies’ security infrastructure.
In a note made available to Business Post, it stated that organisations of all sizes should be looking at what to do when (not if) they are hit by cyber-attacks.
Cybercrime is estimated to cost Africa $4 billion a year (a figure that hits $450 billion worldwide), broken down into yearly losses of $570 million, $500 million, and $36 million for the economies of South Africa, Nigeria, and Kenya, respectively.
Drawing real-life parallels, in early October 2020, Uganda’s telecoms and banking sectors were plunged into a crisis in the wake of a major hack on Pegasus Technologies that compromised the country’s mobile money network.
Hackers used approximately 2,000 mobile SIM cards to gain access to the system, and an estimated $3.2 million was stolen.
In June 2020, the second-largest hospital operator in South Africa, Life Healthcare, was hit by a cyberattack in the middle of the COVID-19 pandemic, paralysing the 6,500-bed provider and forcing it to switch to manual backup systems.
As per the International Criminal Police Organisation (Interpol), the most prominent threats in Africa, based on input from Interpol member countries and data drawn from private sector partners, identified that the top five threats listed in the report include online scams, digital extortion, email account compromise, ransomware, and botnets.
FBNQuest noted that “the current international threat landscape is incredibly diverse and includes a resurgence of bored teenagers who hack just for the fun of it, nation-state groups, and cybercriminal syndicates and gangs. For the latter groups, the operational objective is to leverage a new exploit to extort millions and achieve an extraordinary return on investment.”
It then tasked organisations to apply the fundamentals of cybersecurity that will offer protection. This includes tightening the email loop, which makes it difficult to fall for phishing attacks.
Others include fending off malicious ransomware, securing network access, shutting down internal threats, solidifying storage and backups, as well as managing vulnerabilities, noting that, “The key to successful vulnerability management is to identify all the ways an attacker can move throughout your network and reach your business-critical assets. Once you have identified these attack paths, you can focus on locking down chokepoints and stopping hackers before they even get started.”
It also tasked parties to ensure that a detailed Incident Response Plan (IRP) is put in place.
“Cyberattacks may be inevitable, but a detailed Incident Response Plan (IRP) provides both a buffer and an antidote if the plan is tested. This means that the first time to verify an IRP is not in the middle of a crisis.
“The best way to determine whether the company’s IRP is effective is through tests that assess the readiness of their incident response teams. These tests, which work for all-size companies, come in the form of fire drills and tabletop exercises (TTXs). Each test serves a different purpose.”
The company noted that while cyber-security has been largely associated with computers and IT infrastructure, greater consumer use of smart devices has raised overall vulnerability. At the enterprise level, shifting to cloud computing may have cut company costs significantly, but it has also increased the risk of digital attacks.
“Despite the broad-based implications of these risks, many businesses are unprepared to deal with them, as the alarming number of threats clearly indicates. These developments imply that security is no longer merely a concern of IT managers, but a key boardroom topic because enterprises need to recognise its strategic importance. Companies need to beef up their security infrastructure to prevent breaches while simultaneously building a sustained organisational culture of safety,” it warned.
African Fintech Targets 800% Revenue Growth by 2025—McKinsey
By Adedapo Adesanya
Revenues from financial technology (fintech) companies could grow by 800 per cent to reach $30 billion by 2025, consultancy firm McKinsey & Company has revealed.
As the fastest-growing start-up industry on the continent, African fintech raised over $1,3 billion in 2021 alone; the success of fintech companies is being fuelled by several trends, including increasing smartphone ownership, declining internet costs, expanded network coverage, and a young, fast-growing, and rapidly urbanizing population.
African fintech has a significant impact on day-to-day life on the continent, and with its current upward trend, it can be perfectly poised to rapidly advance Africa’s global competitiveness with an increase in the exporting of fintech services globally.
However, it said these fertile grounds do have challenges. Regulatory uncertainties and differences between countries are a bottleneck, throttling the expansion of financial inclusion in Africa. This has led to the continent’s fintech’s calling for a Pan-African regulatory body to define comprehensive regulatory policies for regions rather than countries.
Certain governments and the private business sector continuously work on providing regulatory policy frameworks for businesses, customers, and economies with the current focus on regulations, anti-money laundering scrutiny, consumer centrism, and protection of privacy and security of data.
In terms of regulations, digital-only banks and fintech are influenced by but independently regulated from the traditional financial system regulations.
For Anti Money Laundering Scrutiny, more regulatory bodies are insisting on compliance herewith; worldwide, there is a clampdown on non-compliant companies. This requires the verification of information received from the client to avoid fraudulent, terrorist, or other illegal activities being facilitated, supported by other processes such as Know Your Customer.
Also, fintech must be vigilant in consumer education, especially the consequences of services and products that did not exist before, protecting the consumer from being exploited.
For the protection of privacy and security of data, it warned that stored personal consumer information is susceptible to cyberattacks, and as a result, fintech companies must comply and have the necessary security systems and protocols to secure sensitive data.
The Global fintech Index of 2020 lists the top 100 fintech ecosystems, and four sub-Saharan African cities features, that are leading this sector, namely Johannesburg, Nairobi, Lagos, and Cape Town, and account for most of the continent’s fintech start-up funding.
“The countries represented by the four cities above have taken significant strides towards regulatory systems designed to protect stakeholders. Each country’s approach to regulations shares similarities, while others are unique to the challenges faced in their market.
“Regardless of the size of the fintech, these changes become prohibitive to the success of fintech due to the cost and/or inconvenience caused since they impact all areas of the customer relationship lifecycle,” it said.
Latest News on Business Post
- House of Reps Tells CBN to Suspend New Cash Withdrawal Limits December 8, 2022
- Finclusion Group Rebrands to Enhance Offerings, Market Footprint December 8, 2022
- GE Reduces Emissions With Mobile Gas Turbines December 8, 2022
- New Cash Withdrawal Policy Was Without Extensive Consultation—NECA December 8, 2022
- SEC Plans to Boost Value of Shariah-Compliant Products to N5trn by 2025 December 8, 2022
- Senate to Screen Ahmad, Adamu as CBN Deputy Governors December 8, 2022
- Airtel Wins 5G Licence Auction in Nigeria December 8, 2022
- Sanwo-Olu Appoints Folasade Coker as Executive Secretary of LJLA December 8, 2022
- Nigeria Needs 10 Years to Meet Yearly Sugar Production Target—Adedeji December 8, 2022
- Naira Appreciates on Dollar at P2P, Black Market, Drops at I&E December 8, 2022