The Inspector General of Police (IGP), Kayode Egbetokun, has counselled financial sector and business owners over the growing sophistication of cyber threat and consequent attacks on their databases and businesses.
The IGP, who spoke at the weekend through the Chief Superintendent of Police (CSP), Bashir Abdullahi, at the Moniepoint Staff Retreat in Abuja, also urged the financial sector and business owners to take proactive steps in the protection of their databases and be ahead of potential hackers.
Egbetokun also listed safety tips in combating Cybercrime and fraud related issues in the financial sector.
Presenting the safety tips on behalf of the IGP, Abdullahi, who is also the Assistant Director Forensic, Nigeria Police Force National Cybercrime Center, NPF-NCC, said there is the need for the stakeholders to know the Impact of Technology in the Financial Sector.
He said, “As technology transforms the financial landscape, it introduces unprecedented opportunities and challenges. “The digitalization of financial transactions has streamlined processes but also opened avenues for cyber threats. Cyberattacks are evolving in complexity and frequency.”
He also spoke on the Financial Sector Vulnerability, saying that the development has led to digitization of financial transactions and centralized storage of sensitive customer information.
Abdullahi further dwelled on importance of Cybersecurity, saying that it is important for the financial sector to protect their customers data and ensure their trust.
He added that the financial sector and business owners must safeguard their financial assets and stability and prevent financial losses.
Speaking on the growing threat of cybercrime, CSP Abdullahi mentioned the Cyber Threat Landscape and listed type of Cyber Threats to include Phishing attacks, Ransomware, DDOS attacks and Insider threats.
He further advised the stakeholders in the financial sector to know their enemies, saying that the common tactics used by cybercriminals are Social Engineering, Malware and Exploiting Vulnerabilities.
Regarding transaction vulnerabilities, Abdullahi said the stakeholders in the financial sector must identify the Weak points in financial processes and take note of regulatory challenges by balancing innovation with compliance.
On why financial sector is a prime suspect, Abdullahi disclosed that the goldmine for cybercriminals is Data, saying that valuable financial data remains personal information and transaction history.
He therefore listed the following safety tips for the stakeholders:
●Layered Defense
●Employee Training
●Collaborative Cybersecurity Culture
●Regulatory Compliance
●Continuous Monitoring and Threat Intelligence.
On the need for Strong password policies, Abdullahi recommended the following procedures:
Multi-factor authentication (MFA).
Regular software updates.
Secure Communication Practices
Speaking on building a fortified defense, Abdullahi urge the stakeholders to invest
in robust network security with strong firewalls, intrusion detection systems, and encryption protocols.
On Human Firewall, he said, “ Employees are often the first line of defense. Training programs should be implemented to educate staff on:
●Threats and best practices
● identifying and reporting suspicious emails including clear communication channels.
He further spoke on promoting a cybersecurity culture, saying that the development will foster
a sense of responsibility among employees.
Abdullahi also dwelled on cross-functional collaboration involving the IT, legal, and management in cybersecurity, saying that the reporting and incident response procedures will establish a clear protocol for reporting incidents.
On collaborative cybersecurity culture, Abdullahi said collaboration with industry peers, law enforcement agencies, and cybersecurity organizations is essential.
Regarding the navigating the compliance maze, Abdullahi said compliance with Regulations and Standards is compulsory.
He said, “Financial institutions are subject to various regulations and standards, such as Nigeria Data Protection Act (NDPA), Gramm-Leach-Bliley Act (GLBA), and Payment Card Industry Data Security Standard (PCI-DSS), which require them to implement specific security controls to protect their information assets.
“Failure to comply with these regulations can result in significant financial penalties and legal liabilities including reputational risks.”
The presentation also reads in part, “OVERVIEW OF KEY REGULATIONS
NIGERIA DATA PROTECTION REGULATION
NDPR governs the way we use, process, and store personal data (information about an identifiable, living person)
“GRAMM LEACH BLILEY ACT
The GLB Act is to ensure that financial institutions and their affiliates safeguard the confidentiality of personally identifiable information (PII) gathered from customer records in paper, electronic or other forms.
“CONTINUOUS MONITORING AND THREAT INTELLIGENCE
Continuous monitoring using advanced analytics and artificial intelligence enables us to detect and respond to suspicious activities in real-time, staying proactive in the face of evolving cyber threats. The goal is to stay ahead of emerging threats and respond swiftly to potential security incidents. Please take note of the following measures:
.Secure Network Infrastructure
•Data Encryption
•Employee Training and Awareness
•Continuous Monitoring
•Compliance
“SAFEGUARDING TOMORROW’S FINANCES TODAY
•Collaboration and Information Sharing
•Customer Education
•Regular Audits and Assessments
“In conclusion, safeguarding the financial sector against cybercrime and fraud requires a comprehensive and proactive approach.
“Financial institutions must prioritize employee education, technological fortification, customer awareness, and collaboration to build a resilient defense against the ever-evolving landscape of digital threats.
“Continuous adaptation to emerging risks and adherence to best practices will be crucial in maintaining the integrity and security of financial operations.”
NCCC can help!
, Kayode Egbetokun, has tasked business owners over the growing sophistication of cyber threat){kind=link}