Majority of banks’ systems unsecured- Cyber security expert

Financial institutions in the country would have to increase their investments in cyber security protection to prevent them from cyber-attacks that could cost them fortunes and reputational damages, a cyber security expert and Group Head of Information Security and Risk, Cellulant -Nairobi, Dr. Bright G. Mawudor has said.

According to him, most banks in the country do not have their database well-secured from the public.

“People invest very little in cyber security protection and they lose billions. They don’t report them every day, but they are actually losing a lot of money.

“There is something called “Shodan”; a search engine which helps find vulnerabilities in a country or for an organisation. So, when I searched for a common tool that is used by almost every bank in Ghana, guess what? They do not secure that.

“Majority of them are exposed to the public; something they are not supposed to. According to the Common Vulnerability Exposure Database (CVE Database), it shows that these organisations are vulnerable, meaning somebody can intercept the traffic between the bank and customers and see all the transactions that they are doing or the communication that is going through them”, he said.

Dr. Mawudor made this revelation in an interview with the B&FT on the side-lines of the 2017 Data Protection Conference held in Accra last week where he served as a speaker on data security and encryption.

He also encouraged organisations to prioritise the security of their systems, urging them to seek the services of experts in the area.

“Security is always an afterthought for organisations. They want products that are just giving services; they want final products to compete against their competitors, and they want to make sure that they are on top of everything; they are the first to release something, but security is always a thing that they come to think about at a much later stage.

They need to increase awareness about security issues; attend more of these data protection conferences to learn exactly how people get hacked and how they can prevent hacking,” he urged.

Speaking at the opening of the event, Executive Director of Data Protection Commission, Teki Akuetteh Falconer, noted that the state of data protection in the country is one that can be said to improving over the years.

She, however, encouraged individuals and institutions to report to the commission, data protection rights violations meted out to them by data handlers.

The two-day annual conference sought to discuss issues affecting data controllers and processors in the country following the implementation of the Data Protection Act, 2012 (Act 843).

It also addressed data protection trends in the region and worldwide, allowing experts to share their experiences and best practices.