In so doing, concerned organs must create synergies as a way of enhancing information sharing among themselves so as they could collectively assess cyber security threats and confront them in a stronger manner.
This was part of the views shared at a one-day consultative meeting held yesterday at Rwanda National Police (RNP) and attended by top officials representing all financial institutions in the country, telecoms and security organs.
Speaking at the opening of the meeting, the Inspector General of Police (IGP) Emmanuel K Gasana reminded attendants that, government has developed a National Cyber Security Strategy and established a National Cyber Security Agency that links security organs public and private sector agencies.
“In addition to cyber crime punishments in the penal code, cyber crime investigation centers have been established to focus on building national capabilities to investigate cyber crimes retrieve and analyze digital evidence from variety of sources,” he said.
In developing its capacities and capabilities to respond to cyber crimes, Police has introduced Information Security Faculty at the National Police College (NPC), establishment of an African Regional Center of Excellence on fighting cyber crimes is in the offing as well as enhance regional and international policing partnerships.
The organs that attended the meeting have been upping their security systems over the past years, not only because of what they’ve seen in the news, but also because some large firms have taken hits and witnessed fraud attempts firsthand although most of them were foiled.
In fact, according to the central bank governor, Mr John Rwangombwa, over the past decade, the financial sector has changed considerably with the emergence of the Internet and the use of new information technologies.
“However, despite the fact that internet development and FinTech growth has brought better control of operational risks, it has also triggered the emergence of new risks. The rapid expansion of networks and technologies, the opening of IT systems to external exchanges, the growing amount of electronic transactions and big data have caused the emergence of a new type of crime dubbed Cybercrime,” said Rwangombwa.
He added on that, today, cyber and data security has remained a priority issue for the financial sector given that, criminals are constantly searching for creative new ways to obtain money from banks and customers through fraud and cybersecurity vulnerabilities.
The governor stressed that most cyber-attacks are a result of financial malwares, which take advantage of weaknesses in some layers of IT Governance including but not limited to; Lack of guiding operational policies and procedures, lack of regular compliance review, lack of security awareness, absence of systems monitoring, lack of basic security hygiene, to mention but a few.
“The pace of expansion of the digital world is increasing and hence, technology adoption should be conscious, purposeful and value adding. Under the emerging circumstances, banks need to be mindful of likely attacks from within the bank’s internal core systems and try to plug such vulnerabilities. Banks need to practice “Cyber Hygiene” and my hope is that our Boards and Top Management develop early sensitivity to this important task,” said Rwangombwa.
Records have it that, in 2015, cybercrimes cost the global economy about $126 billion, $450 billion in 2016, approximately $575 in 2017 and is predicted to cost $2 Trillion by 2020. African countries are reported to have lost at least $2 billion in cyber-attacks in 2016. From all cyber-attacks recorded globally, more than 52% target financial institutions. Amongst these, more than 55% target banks, and 24% target Payment Systems.
In his presentation, the Commissioner for IT and Cyber Crime Investigations, ACP Peter Karake outlined some of the likely drivers for cyber crimes and among those include gaps in regulating laws, increase of new forms of modern technology, global connectivity, corruption and low expertise in IT security stems among others.
He however pointed out that, to beat the cyber criminals, there is need to cooperation and share information timely, adoption of cyber security protection policy, public awareness campaigns, establish IT security standards , capacity building continuous risk and threat assessment and research and development among other measures.
On awareness and IT standards, experts at the meeting observed that there is need for every institutions to have basic checklists of IT security standards and also stated that agencies can spend thousands of dollars on great technology infrastructure … but if one of their associates doesn’t follow the rules … and they inadvertently click on a defective link, or they inadvertently respond to a fraudulent email, there’s no tech spin that’s going to protect an institution from that.
Representatives of banks emphasized on the standard security skills for their employees where the CEO of Bank of Kigali Diane Karusisi committed both financial and human resources for trainings and awareness campaigns on cyber security.