Stakeholders charge CBN, others on cyber-security standards

Worried by the rise in fraudulent activities, targeted especially at financial institutions, experts have charged the Central Bank of Nigeria (CBN) to uphold basic recommended cybersecurity standards and ensure compliance.

The operators added that the apex financial body should ensure that fintechs’ solutions are safe for use and that they obtain basic standards like the ISO Standards 27000, and the Payment Cards and Industry and Data Standards (PCIDSS).

Adding that cyber threat is a global menace, they urged individuals and firms to exercise online hygiene for safe and secure transactions, using the Two Factor Authentication (Two-FA) and other forms of authentication.

They said this during a media parley organised by the Information Security Society of Africa-Nigeria (ISSAN) on cybersecurity.

Adding to this, President, ISSAN, and Group Head, Operations & Technology, Eco Bank, Dr. David Isiavwe, said coding for financial solutions must be done with an end-to-end technology and thoroughly tested using CBN sound boxes for experimentation and testing.

On mobile security, he urged individuals to lock their SIM cards and install antivirus on their phones to prevent mobile malware that steals credentials.

He added that although awareness on cybersecurity is still low, ISSAN is working with key stakeholders and would adopt more strategies to sensitise people.

Noting that business email compromise is the main cyber threat target, Isiavwe said firms should educate their staff regularly on the evolving technology.

“The major challenge is awareness creation but people even rarely read the information on the Automated Teller Machine (ATM). So instead of using flash messages, we will use short audio and video clips.

“The fight from the regulatory standpoint is very good. One of the major checks the CBN has put in place is the BVN and the Two-FA (factor authentication) such that if someone steals your passwords, they can’t get the pin.

“These and many more are layered security and that’s to ensure that the system is safe and secure. The next level of security is the facial recognition for ATMs. Technology is pervasive but should be continuous to keep in track with the change,” he added.

Treasurer, ISSAN, Gbenga Ayegbusi, urged corporate organisations to implement the Sender Policy Framework (SPF) to eschew cyber criminalities.

Adding that most targeted attacks are done through social engineering, Ayegbusi said the SPF would flag phishing mails, business email compromise, escrow fraud, romance scams, and others.

According to him, “A business email compromise happens when a hacker gets unauthorised access to a business email account. They target companies that work cross country especially those with an open mail tool. Other ploys are spear phishing, social engineering, identity theft, email spoofing, and malware.”

He added that individuals should not be pressured to make online payments and exercise caution. This, according to him, includes name verification on the web, look out for suspicious signs and don’t share personal details.

He, however, added that technology is germane for the survival of anyone at this age.

Also, Chief Information Security Officer (CISO), Nova Merchant Bank, Femi Olofin Tila, said individuals should set up the Multi-Factor Authentication (MFA), a technology in the Microsoft Authenticator app, as security for their mobile phones.

He added that even when one’s password is stolen, it won’t be useful to the hacker. He advised users not to use the Short Messages (SMS) option due to the telcos challenge.