BoG Cautions Banks To Guard Against Cyber Attacks

The Bank of Ghana (BoG) is advising the country’s banks to guard against vulnerability to cyber attacks. “The growing threat of cyber attacks has never been more pressing.
 
Recent instances of payment fraud demonstrate the necessity for industry-wide collaboration to fight against threats,” the central bank’s Second Deputy Governor, Mr Johnson Asiamah said.

He was addressing bankers at a workshop organised in collaboration with SWIFT, the global financial transaction messaging network, on the company’s Customer Security Programme (CSP).

The CSP incorporates five strategic initiatives which are improved information sharing, enhanced SWIFT-related tools for customers, enhanced guidelines and audited frameworks, support for increased transactional pattern detection and support by third party providers.

The one-day workshop was aimed at educating SWIFT’s community of its obligation to meet mandatory security requirements and the associated qualification process at a time hackers are targeting banks.

Threat

Mr Asiamah observed that an attack on a financial institution could lead to financial liquidity problems for a specific institution, and in turn destabilise it. The fact that money had been stolen from it and it had lost its financial stability could, in turn, destabilise the entire financial sector and in extreme cases, result in socio-economic chaos in the entire country.

Almost a year after one of the world’s most sophisticated cyber robberies took place in Bangladesh, where hackers went into the country’s central bank and sent instructions through SWIFT to steal $81 million, the case has not been to be solved.

Using the messaging network for cross-border payments, the cyber fraudsters transferred funds from the bank’s account with the New York Federal Reserve to private accounts in Sri Lanka and the Philippines.

According to The Economist, much of the stolen funds is yet to be retrieved; the masterminds are yet to be identified, but probe into the robbery by the Bangladesh authorities and the Federal Bureau of Investigations (BNI) revealed the strikingly sophisticated and international nature of the crime.

With that attack in mind, the BoG Deputy Governor said every financial institution was responsible for reviewing its cyber defences, with an integrated view of all organisational systems and processes, in particular, information communication technology (ICT).

Basic principles

Mr Asiamah said the central bank was committed to facilitating the development of comprehensive basic principles of cyber defence to ensure the flexibility required, given the accelerated pace of change in the cyber world.

“At all time, the BoG acknowledges that each bank has its own risk evaluation profile and that each would have to make the required adjustments to its business profile and unique operation characteristics. However, the security of the industry as a whole is a shared responsibility,” he said.

He said the launch of the CSP would help improve information sharing throughout the industry and the introduction of standards that the industry could work with.

The Chief Executive of SWIFT for Europe, Middle East and Africa, Mr Leo Punt, told the Daily Graphic that the reason for the CSP was because of “the evolving threat to cyber security. We want to make sure that we establish security controls in protecting our customers and creating a level of transparency among banks connected to SWIFT.”

He described the Bangladesh attack as a watershed event for SWIFT and the financial community and exposed the level of sophistication that cyber criminals had been adopting in order to carry out attacks.

Sealing the gap

Mr Punt advised banks to look carefully at the control frameworks that have been defined and make sure that the gaps in their processes and procedures were sealed, while implementing the control tools the CSP offered.

The control tools, he said, included multi-step authentication to protect their systems, non-reliance on only passwords but also on systems that provided additional layers of protection.