Coronavirus: Banks prepare against increased cyber-attacks

While Ghana’s economy braces for the coming changes that COVID-19 seems to be bringing, it has become very much imperative for the banking system to intensify the cybersecurity aspects of their business continuity strategies.

Last week, the Bank of Ghana directed all Banks, Savings and Loans Companies, Finance Houses, Microfinance Institutions, Rural and Community Banks and Foreign Exchange Bureaus to activate their business continuity and disaster recovery plans.

However, there are increasing worries among both the financial intermediation firms and their customers that those strategies focus primarily on keeping their operations running in the face of disruptions to their physical and ICT-driven product and service delivery platforms, rather than on higher firewalls in a situation where digital platforms have to replace physical platforms.

“The risk of cyberattacks, in the era of COVID-19, has become the unseen threat rising in the digital space” asserts one digital banking chieftain. “These attacks would prey on the increased reliance on digital tools and the uncertainty of the crisis”.

In an interview, the Head, Technical Operations, e-Crime Bureau, Mr. Philemon Hini said, “most people are likely to subscribe to online banking as a result of the pandemic. This is because, if the lockdown continues and the situation does not improve, people will have to solely rely on internet banking for their day to day transactions.”

“That is where the threat is. So, we would be seeing a lot of attacks in the area,” he warned.

All of this makes it imperative that the banks integrate cyber resilience into their broader business continuity strategies to maximize their ability not only to protect against a data breach, but to detect when one has occurred and recover from it.

Experts warn that most often cybercriminals exploit human weakness to penetrate systemic defenses. In a crisis situation such as the COVID-19, particularly if prolonged, people tend to make mistakes they would not have made otherwise.

“For the online, making a mistake in terms of which link you click on or who you trust with your data can cost you dearly”, Mr. Hini noted.

The COVID-19 is being used in a variety of malicious campaigns being executed in virus afflicted countries, including email spam, Business Email Compromise, malware, ransomware, malicious domains, among others. As the number of those afflicted by the virus continues to surge, campaigns that use the disease as a lure likewise increase and banks in Ghana are now being asked to ready themselves.

According to Check Point, since January 2020, there have been over 4,000 coronavirus-related domains registered globally of which 3% have been found to be malicious and an additional 5% suspicious.

Mr. Hini noted that already this year, some companies and financial institutions in Ghana have suffered from cyberattacks.

“At this time, organizations should an eye on insiders, who have privileged information on the organization, such as contractors and former employees, since the environment is creating the opportunity for people to engage in cyber-attacks,” Mr. Hini warned.

According to the World Economic Forum, the vast majority of cyberattacks – by some estimates, 98 percent – deploy social engineering methods. Cybercriminals are extremely creative in devising new ways to exploit users and technology to access passwords, networks and data, often capitalizing on popular topics and trends to tempt users into unsafe online behaviour.

The Forum indicated that stress can incite users to take actions that would be considered irrational in other circumstances. For example, a recent global cyberattack targeted people looking for visuals of the spread of COVID-19.