Kate Ejisu
The Managing Director/CEO, FITC, Chizor Malize, has called for accelerated adoption of cybersecurity framework in order to take care of unprecedented increase in cyber attacks that have led to significant financial losses to both corporate entities and individuals globally.
Welcoming participants at the third edition of ThinkNnovation Cybersecurity Conference, organised by FITC the Nigeria Interbank Settlement Systems (NIBSS) in Lagos, Malize emphasised that digital risk is one of the topmost risks in the world today, post-pandemic.
“Digitalisation offers a large playing field for the growth of cybercrime. The risks continue to grow high, the threats continue to grow, the attacks become ceaseless, and every single one of us is prone, and while organizations drive the goals to digitize and automate operations, cyber risks proliferate. Every aspect of the digital enterprise has important cybersecurity implications,”she said.
She explained: “It is against this background that the highly innovative and engaging FITC Thinknnovation Cybersecurity conference was designed. The conference aims to equip Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and their teams to establish cybersecurity as an enterprise-wide service.”
According to her, the aim of the conference as providing a roadmap to identify risks deeper, grow enterprise-wide risk appetites, identify risk gaps and make better decisions about bridging the gaps.
“It is here to better equip professionals to create sound policies, standards, and frameworks for cyber risk management. The conference also provides insights on governance and regulatory requirements. All of these have proven absolutely necessary to the successful implementation of Cybersecurity around organizations and the world at large,” she stated.
She disclosed that in a report by the Center for Strategic and International studies, it was stated that “Financial institutions are leading targets of cyber attacks. Banks are where the money is, and for cybercriminals, attacking banks offers multiple avenues for profit through extortion, theft, and fraud, while nation-states and hacktivists also target the financial sector for political and ideological leverage. Regulators are taking notice, and implementing new controls for cyber risk to address the growing threat to the banks they supervise. The Strategic Technologies Program studies the evolution of cyber threats to the financial system and legal and regulatory efforts to strengthen its defenses.”
In her address, the Chairman of the FITC Board and Deputy Governor Financial System Stability Central Bank of Nigeria (CBN), Aishah Ahmad,stated that there has been a lot of focus on financial institutions because of their interconnectedness.
“We have also seen cyber incidents attacks on other critical infrastructure like pipelines in the United States (US), hospitals in Germany, and so on around 2020 and we are not immune from these attacks in our country as well. The major countries in Africa that experienced cyber-attacks are large countries like South Africa, Nigeria, and the likes, but we saw an explosion of these attacks during and after the COVID-19 pandemic. However, these attacks have been largely unsuccessful, and we will continue to learn from these incidents,” she stated.
Ahmad advised that organisations should focus on:” having a cybersecurity policy administered at the board level; conducting desktop exercises, and sharing threat intelligence. Additionally, financial institutions should be mindful of smaller unlicensed third-party service providers. They should also look at the employees and users of financial institutions to create awareness.”
Highlighting the issue of the vulnerability that comes with cyber-attacks even on individuals, the keynote speaker at the conference, Chief Executive Officer/Founder of Resolut Consulting, Canada, Dr. Daniel Monehin, stated:“When you are attacked, data that you don’t even need or have ever accessed – these hackers gain access to it and if they have useful information that can be compromised, that’s it!”
“ We easily recognise the threats of physical security, but often underestimate the risks of cybersecurity; so we see them putting things in place to ensure physical security, like the high walls, gates, CCTV, access codes, and so on, but there aren’t multiple measures like this, taken against imminent cyber-attacks. According to the World Economic Forum’s Global Risk Report of 2022, ransomware attacks have increased by over 435 per cent since 2020.
Monehin, who added that cyberattacks have become much more aggressive and more widespread also stated that, crypto is the currency of choice for hackers, and in 2020 alone over $400 million worth of crypto was paid out to hackers, and today, hacking is now a service where cyber mercenaries now offer ransomware attacks as a service to other criminals.
Speaking further on how companies and organisations can build cyber resilience, Monehin stated that there are three things that organisations should focus on to build cyber resilience, and they are cooperation, creation and cultivation.
According to him, companies should cooperate, not compete citing the examples of Europay, MasterCard and Visa cooperating to create the EMV chip. He said NIBSS as an organisation can drive this initiative of bringing everybody together in Nigeria.
Tthe Chief Risk and Compliance Officer, NIBSS Temidayo Adekanye, during his goodwill message spoke on the measures to curb cybercrime. He stated that organisations must be constantly collaborative and innovative if we are to fight against the menace of cyber-attacks.
“We must make sure that we are consistently ahead of them. We must constantly change and challenge all assumptions, test our infrastructure, our people, and processes. Also, we must contend with supply chain attacks, and AI-based spear phishing” he stated.
“Recently we have seen an increase in cyber-crime as a service. There are actors out there offering their service for a price within Nigeria, becoming a standard business model with attacks and tactics evolving dramatically. “Let us not forget the human elements; the human factor is still the number one entry point in more than 80 per cent of its occurrences,” he added.
During the plenary sessions over the course of the two-day conference, several discussions took a deep dive into the issues facing cybersecurity adoption in this part of the world, some of which include bringing things up to speed, such as highlighting that focus should be on simplification, in order to build trust and aid effective dialogue with the board in organizations; by simplifying and designing processes, systems, and defining roles with human vulnerability in mind, to make digital estate become less complex, and this makes it more securable.
Also, simplifying communication; by translating cybersecurity vulnerabilities and issues into the language the business leaders understand, such as the economic realities, by linking cyber risks to business risks, will likely get their support. Simplifying third-party arrangements is also very important; therefore it is important to work with only partners that foster secure behaviors and shape organizational culture. On the long run, this helps to build trust with the business’ users/clients. The importance of documentation can also not be overemphasized, every request and approval process must be recorded in black and white.
Research reveals that the future of Cybersecurity is Neurodiverse. To leverage the power of neurodiverse talents, boards and leaders must rethink work and resourcing arrangements, rework KPIs to carefully suit each talent, to encourage the diverse capabilities and unique skills that each talent brings to the job, embrace neurodiverse leadership by encouraging diverse perspectives.
Collaboration, even across organizations is key. Leveraging threat intelligence and seizing the learning opportunities presented in the incidents experienced and those shared by industry peers, will lead to greater wins in the industry, as opposed to competing, especially because of the peculiarity and diversity of the issue of cyber-crimes.
The two-day cybersecurity conference brought together over 26 industry leaders, CISOs, CEOs and professionals as speakers, including Doyin Odunfa, MD/CEO Digital Jewels; Nkiruka Joy Aimienoho, Associate Risk Assurance Services & Cybersecurity Lead, PwC; Olusola Odediran, Ag. CISO, NIBSS; Alexander M.C Anago, Ambassador & Chief Data Officer, Institute of Information Management; Dr David Isiavwe, President, Information Security Association Africa; Oge Udensi, Regional Director, Cyber Governance SMBC; Lansana Daboh, Risk and Monitoring Officer, Inter-Governmental Action Group Against Money Laundering in West Africa (GIABA); Abdulkadir Suara, Deputy CISO, Union Bank of Nigeria, Chimaobi Ezeibe, Partner, Technology Risk Consulting, KPMG, Canada; Fatimah Adelodun, Information Security Manager, Nigeria Bulk Electricity Trading Plc; Opeyemi Onifade, Practice Leader, Afenoid Enterprise Limited; Oyawiri Oghenefovie, CISO, Standard Chartered Bank, Nigeria; Jude Anietie, Senior Manager, Information Security, MTN Group; Zechariah Akinpelu, CISO, Unity Bank Plc; Kelly Orijude, Cybersecurity Manager, Ernst & Young; Dr Blaise Ijebor, Director, Risk management , CBN; Okechukwu Umenao, HOD, Office of the Chief Economist, SEC; Johnson Alabi, Senior Manager, Financial Reporting Council of Nigeria; among others in a total of five plenary and 2 breakout sessions.
