National security, cybercrime and the CBN

CBN governor Godwin Emefiele

“Cryptomining attacks gave cyber criminals an easy foothold into company networks. It was a year of massive data leaks, expensive ransomware payouts, and a vast, new, complicated threat landscape. And it was a year that saw cyber criminals up their threat game in a big way” (2021 Cyber Security Threat Report).

Since Nigeria enacted the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 as the legal framework for the codification of criminal activities in the cyberspace, there have been challenges in tackling it, though success has reportedly been recorded on multiple fronts.

Analysts are united in the view that the Central Bank of Nigeria (CBN) has a pivotal role to play in this battle, especially on account of its dire consequences on the nation’s financial institutions as well as international image. Reports have it that the CBN has taken some bold, new and courageous steps in confronting the issue. The apex bank initiated a policy, to further strengthen the institutional push against this dangerous crime on the cyberspace. How did the fresh move by the apex bank kick off?

The apex bank fired the salvo by releasing the ‘Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFIs)’, owing to the steady rise in the number and sophistication of cybersecurity threats against financial institutions.

To give teeth to the policy, the apex bank also set January 1, 2023 as the effective date for full compliance with the provisions of the guidelines.

In fact, the apex bank said the directive became mandatory for the relevant institutions to strengthen their cyber defenses if they were to remain safe and sound.

Let us reflect on the essential elements of the circular issued last year on June 29, 2022, and signed by the CBN Director, OFIs Department, Nkiru Asiegbu. Media reports showed that the Circular was addressed to all OFIs under the regulation of the banking sector regulator, to achieve the desired spread and impact.

What is obvious about the guidelines is that they represented the minimum requirements to be put in place by all OFIs.
The regulator pointedly noted that the safety and soundness of OFIs required that they operate in a safe and secure environment. Consequently, the platform on which information is processed and transmitted should be managed in a way that ensures confidentially, integrity and availability of information as well as the avoidance of financial loss and reputation risks among others.

The other point of note raised by the apex was that considering the dependence of financial institutions on information and communications technology (ICT) to operate their business and the rising incidences of cyber threats and attacks targeted at financial institutions, it is necessary to implement cybersecurity measures to mitigate against those risks.

What dimensions are some of these threats that compelled the apex Bank to step up action? The threats include ransomware, targeted phishing attacks and Advanced Persistent Threats (APT) which have all become so frequent. The frequency and expansion of these dimensions of cybercrime also means that financial institutions should boost cyber resilience, while taking proactive steps to secure their critical information assets in order to ensure both their safety and soundness.

There are other objectives of the new guidelines. It is designed to ensure a safer and more secure cyber environment that supports information system security and enhance the stability of the OFI sub-sector.

It is understandable that the new policy also seeks to promote and maintain public trust and confidence in the sub-sector while contributing towards prevention and combating cybercrime in the OFI sub-sector.

Significantly, the framework provides a risk-based approach to managing cybersecurity risk and consists of six parts namely Cybersecurity Governance, and Oversight, Cybersecurity Risk Management System, Cyber Resilience Assessment, Cybersecurity Operational Resilience; Cyber-Threat Intelligence and Metrics Monitoring and Reporting.

It is undeniable that the damaging effects of rising crime on the nation’s cyberspace has been a matter of deep concern to stakeholders in the banking and other financial institutions for long. Indeed, this has compelled even the Office of the National Security Adviser (ONSA) introduce new strategies for the war on this pathetic national malady. With the CBN coming in, by way new policy and setting deadlines, hope is now on the rise that a concerted war in cybercrime is here already. This is cheering news on a crime that has been having a chilling effect on Nigerian banks and other financial institutions for too long.

Dambatta, a veteran journalist, writes from Kaduna via [email protected]

Related content you may like