Banks asked to be wary of internal cyber attacks

Cyber security expert, Albert Antwi-Bosiako, has cautioned banks to take internal cyber security measures seriously as there is a growing trend where insiders are facilitating attacks against institutions they work for.

Whilst investing in cyber security measures, banks, he said, should not only look at threats from the external environment, but also in-house.

“There are also internal challenges, sometimes…we may think we want to block external attackers but there is a growing trend where we have insiders also facilitating attacks against their very institutions. So, the security approach should be dual, both external threat and also internal threat; I think we need to invest a lot in cyber security measures going forward.”

Mr. Antwi-Bosiako who spoke to the B&FT at the National Cyber Security Week 2016 in Accra said the country is undergoing massive transformation when it comes to ICT as compared to other sub-Saharan African countries.

“Ghana is doing quite well in the ICT sector. Within the last few years, we have seen a lot of developments within the sector. The banking sector, private sector and the government sector have all benefited. Quite a lot has happened, not also forgetting the growing trend of Ghanaians using social media for different activities. So, that is the environment we find ourselves; but there is a critical need and one factor is the risk around the cyber infrastructure.

Mr. Antwi-Boasiako, who is the principal consultant at E-Crime Bureau, said the fact that the banking sector is very amenable to adopting technology makes it vulnerable to cyber-crime.

Some of the applications that are being deployed to run e-banking systems have not been tested security-wise and the hackers take advantage of it, he said.

“At the governance level, we expect CEOs to show major interest; that is the driving force to be able to get our cyber security infrastructure moving. We need corporate leaders to show the interest in this project. I think it is the central force that can get our industries getting compliance in cyber security practices,” he said.

The Bank of Ghana recently said 80 percent of fraud cases which were reported to it were cyber facilitated.

This, Antwi-Boasiako said, moves into millions of cedis in terms of losses in the financial sector, adding that “the millions are not just in financial terms but the breach of care, the investigations cost and losses in terms of reputation. So, we need to invest in order to prevent these losses.”

The Ministry of Communication is expected to present a national cyber security policy and strategy to parliament after Cabinet consideration.

Ghana’s cyber space is protected by the Electronic Transaction Act, 2008, which seeks to protect consumers against cyber fraud and attacks. The Act seeks to provide for the regulation of electronic communications and related transactions and to provide for connected purposes.

The country also has the Data Protection Act, 2012 (Act 843), which provides the legal framework for the protection of personal information.

The law provides for the process by which one could obtain, hold, use or disclose personal data while the Data Protection Commission has been established as an independent body to regulate and implement its provisions.

Ghana has also signed a Memorandum of Understanding (MoU) with the Commonwealth Cybercrime Initiative (CCI) on the best approaches needed to deal with the threats associated with Internet use.