Why Nigerian Banks Must Have A Cyber Security Department
The alarming speed with which cybersecurity issues are infiltrating and taking over the nation is no longer news. More than ever, deliberate and concerted efforts must be made to save Nigeria from this menace. This being said a major sector that has the most attention from those cybercriminals is the banking and finance sector. This is no surprise since the majority of cybercriminals engage in the activities for financial gains.
Recently, the Central Bank of Nigeria rolled out a circular to all banks directing that they implement the directives of the Risk-Based Cybersecurity Framework and Guidelines for OFIs with a deadline of January 1st, 2023. This is a great move in the right direction that will have significant effects on the Nigerian financial sector.
But more than just implementing the directives of the Central Bank, there are several reasons why every bank in Nigeria must heighten their cyber security efforts chiefly through the establishment of a cyber security department.
I will be highlighting some of the reasons below.
Why All Nigerian Banks Must Have A Cyber Security Department
1. Data Protection from Unauthorised Access, Loss, or Deletion
If there is one institution that has the most accurate and up-to-date data on Nigerians, it is the banking sector, even more than the National Identity Management Commission (NIMC) and schools, thanks to the introduction of the Bank Verification Number (BVN).
People have also been utilizing digital payment apps for online shopping, food delivery, money transfers, and other activities since the wave of digitization hit full force. Since more people are choosing digital transactions, it is simple for hackers to access banking applications and steal users’ personal information.
Therefore, banking technology needs to be strict and watchful of cybersecurity dangers. Due to these circumstances, banks now have a pressing need to improve their banking technology to protect both themselves and their customers’ data from hackers.
To build a robust defence against such cyber security risks, more jobs in the field of cyber security are necessary. If there are no cyber security departments in banks, cybercriminals will continue to have access to the personal and corporate data of customers which can be used for identity thefts and online scams.
But not only data of customers can be stolen from banks. Without cyber security departments, confidential data belonging to the banks themselves like passwords, financial proceedings, staff profiles, and financial records can be transmitted and tampered with.
Most other forms of cybercrime are greatly hinged on this one. Once there is no more access to sensitive data, the fight against cybercrime is halfway to success.
2. Preventing Financial Fraud and Losses
This is the holy grail of the banking sector and the second reason why every bank in Nigeria must have a cyber security department. As a report from the Guardian newspaper revealed that at the year ending of 2018, over 2 billion Naira was lost to finance fraud alone, the issue becomes more disturbing.
If deliberate efforts are not made against cyber security issues, customers’ lives might become chaotic and also the bank’s as a result of a cybersecurity incident because financial frauds do beyond taking money away from people. It has several ripple effects that affect other areas of the individual’s life and the nation.
An increase in financial losses decreases the business potential of citizens thereby affecting the economy of the nation, affects family responsibilities thereby reducing the overall wellbeing of citizens, and takes the time and energy of citizens due to days spent trying to recover stolen funds thereby reducing their efficiency in the workplace, and so on.
But these losses do not just affect the customers. Banks have their fair share as well. The banks will have to undertake the time-consuming work of reviewing all financial transactions and statement information, cancelling cards, keeping a close eye out for data breaches, and attending court sessions if petitions are filed against them.
Then even more losses come trying to repay customers for stolen funds and regaining the financial status of the company. These ugly scenes make it a must for all banks in Nigeria to have a cyber security department.
3. Protection of the Bank’s Reputation
One of the core values of banks is that they are a signal of trust and that is the basic reason why they are still in business— people trust them enough to commit their monies to them. Any incident, therefore, that will try to breach the trust of clients is a cardinal enemy every bank fights and that is what cyber attacks achieve.
A single weak point in banking technology’s cybersecurity can seriously harm an organization’s reputation. Cybersecurity threats can erode public confidence and increase customer unease.
Why All Nigerian Banks Must Have A Cyber Security Department
Therefore, assembling a powerful team in the cyber security department of information security analysts, cyber security analysts, and other cyber security positions becomes essential. Even if the funds or sensitive data of customers are retrieved after a cyber attack, some customers will still prefer to opt for a bank that has had no record of a confidence breach.
The team of experts in the cyber security department should be intentional about seeing they are abreast and equipped with the best techniques to protect the bank against cybersecurity dangers. While systems should also be set in place to quickly respond to inevitable lapses, their approach should be tailored towards prevention rather than management.
4. Avoidance of Sanction
I started this article by pointing to the fact that the CBN rolled out a new directive (June 2022) making non-cybersecurity-complaint banks sanctionable from January 1st, 2023. This is another reason why every bank in Nigeria must have a cyber security department.
Like every other institution, banks are required to follow laws and regulations. One of them is assembling a capable team to handle cybersecurity threats. The consequences for breaking the rules are usually harsh.
For instance, five large banks have received sanctions from the Securities and Exchange Commission and the Central Bank of Nigeria for breaking more than 20 different laws, including those governing the foreign exchange market and anti-money laundering.
The banks include Fidelity Bank Plc, Access Bank Plc, Stanbic IBTC Holdings Plc, United Bank for Africa Plc, and Guaranty Trust Holding Company Plc. In the financial statements for the first half of 2021 submitted to the Securities and Exchange Commission, the five lenders recorded a combined fine of N1.46 billion.
Seeing that the CBN can be very strict on its words, it would be a lot more economical for Nigerian banks to establish cyber security departments than incur the cost of sanction.
Roles of Cyber Security Department in Banks
We have seen some reasons why every bank must have a cyber security department but just having one isn’t enough. The roles and responsibilities of the cyber security department need to be spelt out else the banks will just incur additional expenses with no positive return. Below are some of the duties of the cyber security department in banks.
1. Backup and Disaster Recovery (BDR)
Business continuity is maintained by BDR. It entails backing up systems and data and making sure they can be easily restored after a security event.
2. Cybersecurity Education
At least twice a year, cybersecurity training sessions should be provided to inform other staff members of risks and provide advice on how to recognize and respond to cyberattacks. These meetings give them a chance to voice their security worries and inquiries while also learning how to reduce risk at every level of the bank.
3. Endpoint Detection and Response (EDR)
EDR involves ongoing endpoint and network event monitoring. EDR solutions can be used by a company, in our case the banks, to track and report on internal and external threats, such as ransomware, malware, and other sophisticated cyberattacks.
4. Business Continuity Planning (BCP)
Using BCP, a bank can specify the procedures it will follow to restore data and systems in the event of a security incident. A business continuity plan details who is in charge of carrying out the various stages of the plan’s execution as well as protocols and procedures for recovering data and systems. It gives cybersecurity experts the ability to monitor data during a security issue and use this data to improve a cybersecurity plan.
3. Patch Administration
Software needs to be updated frequently to maintain maximum performance and safeguard against new online dangers. The banks can install security upgrades and patches as quickly as they are available thanks to computer-controlled and ongoing patch management. As a result, patches for any known security vulnerabilities are regularly applied to their systems.
4. Management of Vulnerabilities
Anytime a security vulnerability manifests, it needs to be fixed right away. A bank can utilize well-defined systems and processes to find and fix vulnerabilities thanks to vulnerability management. They may also employ vulnerability analysis in tandem with vulnerability management solutions to understand the entire security posture and build out an effective cybersecurity strategy.
5. Access Restrictions
Who has access to data and systems within the bank is controlled by cybersecurity professionals in charge of access controls. These experts must decide who requires access to data and systems to carry out their daily tasks efficiently. They should also keep access restrictions current; otherwise, former employees can still have access to the bank’s information and systems.
6. Performance of Applications and Networks
Applications and networks used by the banks must perform well, and this must be continuously checked. This enables the speedy identification and remediation of security issues that impair app or network operation before they result in downtime, outages, or technical glitches.
We have so far seen how and why every bank in Nigeria needs a cyber security department. From protecting the funds and data and the banks themselves to ensuring compliance with the directives of the Central Bank, there is more to be gained than lost with the establishment of a cyber security department in every bank.