Cybersecurity stakeholders under the auspices of Information Security Society of Africa – Nigeria (ISSAN), have called for an urgent review of the National Cybersecurity Protection Act of 2015 to meet with current realities.
This is as Speakers and Panelists at the Quarter 1, 2022 ISSAN Cybersecurity Conference with the theme: “Payment Systems Platform Security” in Lagos, also made case for a robust collaboration and coordinated efforts by all stakeholders including the government to stem the rising wave of cyber threats in the nation’s payment system platforms. They reiterated the need for a Cyber Insurance Policy for the industry.
President of ISSAN, Dr. David Isiavwe, who spoke on behalf of the association, stated that as the Covid-19 pandemic is gradually easing out, organizations are now settling for hybrid way of working and providing services for customers while being mindful of the enlarged cyber threat. He noted that new forms of attacks are being contrived and implemented by criminals through various means on individuals, nation states and corporate bodies, stressing that cyber security gate keepers are not spared as large sums of money are usually at risk in every successful attack.
According to him, “What we see on the horizon is that Business Email Compromise (BEC) attacks are becoming alarming; Ransomwares attacks are not relenting. There are more phishing and password targeted attacks. Denial of Service (DoS) and Distributed Denial-of-Service (DDoS) attacks remain a growing problem. The loss globally is colossal. In Africa, Nigeria is expected to lead in terms of estimated loss due to our size. There is therefore the urgent need to brainstorm on how to keep payment systems platforms safer,” he said.
For a way forward, Dr. Isiavwe who is also a General Manager at Ecobank Nigeria, emphasized that banks and organizations need to be proactive, keep customers educated and updated on new threats and trends in the cyber space, automate and continuously monitor their systems and infrastructure, and also place high premium on artificial intelligence, machine learning, robotics, and data analytics.
In his keynote address, Director, Payment System Management Department, Central Bank of Nigeria (CBN), Musa Jimoh commended the activities of ISSAN at enhancing a safer and secured payment ecosystem, stressing that the apex bank is committed to initiatives that would promote and enhance payment system security to check cyber fraud in the nation’s financial system. He maintained that the financial sector cannot afford to fail as the payment system is vital to the functioning of any economic system.
According to him, “Data security is important for customers and a tool for financial inclusion. Banks are the custodian of customers’ information based on trust and should therefore put structures in place to prevent breach and information theft. They should not compromise customers’ credentials as it would give cyber criminals access to defraud them.”
Jimoh further stated that the entrance of Fintechs to the financial landscape has engendered stiffer competition, noting that “all responsible officers in charge of information security in organizations should keep track and always check and see the right things are done for the entities that are allowed to connect to their infrastructure. Banks should address infrastructure deficiencies, ensure operational resilience, introduce second or multi-factor authorization, ensures banking payment infrastructure are formidable, address privacy violations, carry out end to end encryption to protect stored data, and also adhere to KYC provisions to avoid terrorism financing and money laundering,.”
In her technical presentation, Managing Director, CreditRegistry Plc, Dr. Jameela Ayedun, recommended a collaborative approach by banks, CBN, government agencies such as National Identity Management Commission (NIMC), Nigerian Communications Commission (NCC), Nigeria Inter-Bank Settlement System (NIBSS) and others to enhance cyber security.
According to her, “Cyber security is the responsibility of all. The cyber criminals are still on rampage therefore we must protect our payment systems and not give anything to chance. We must educate our consumers and should not be a silent victim. The payment service providers must have the basic requirements. Government also have role to play in this regard. We should emphasize privacy and integrity of our payment systems.”
Also, in his technical presentation titled: Anatomy of the New Fraudsters – A Nigeria Perspective, Head, Growth and Partnership – West Africa, BPC Technologies, Emmanuel Obinne, observed that cyber frauds transcend borders and boundaries. He gave a rundown of different types of frauds and maintained that relevant cyber laws should be put in place to check cyber criminality.
According to him, “Fraud management is a journey and not a destination. Proper laws should be in place to punish cyber criminals. Organizations should regularly upgrade their payment systems and security to avoid vulnerability. This will also fast track authorization and authentication of transactions. Second factor authorization is also important to check fraud. The customers must constantly be educated to make them have more confidence in the payment system.”
Other Panelists at the hybrid summit apart from Dr. David Isiavwe, include Chairman, Association of Chief Audit Executives of Banks in Nigeria (ACAEBIN), Yinka Tiamiyu; Chief Information Security Officer, Heritage Bank, Ighoakpo Eduje, and Managing Partner, Technology Advisors LLP, Basil Udotai. The session was moderated by Head, Internal Audit, FBN Holdings, Dr. Bode Oguntoke.