Business News of Thursday, 25 May 2023

Source: thebftonline.com

BoG takes steps to curb cyber threats

Implementation of the directive was phased over 36 months Implementation of the directive was phased over 36 months

The Bank of Ghana (BoG) has inaugurated an advanced command centre, the latest in its cybersecurity infrastructure, established to ensure the delivery of a safer digital financial industry.

Dubbed the ‘Financial Industry Command Security Operations Centre (FICSOC)’, the move comes in the face of increased cybersecurity risks in the country and across the world. The facility is the first of its kind, funded and owned by a central bank in the sub-region.

It also forms a core part of BoG’s efforts to share threat intelligence, create industry situational awareness and improve the incident-response of regulated institutions.

In 2018, the BoG issued cyber and information security directives for banks and other regulated institutions with the expectation that all regulated financial institutions would implement the required security management system controls to ensure the delivery of a safer digital financial industry.

Implementation of the directive was phased over 36 months, with thorough effective monitoring and supervision among the regulated banks.

As these institutions worked toward full implementation of the directive, the BoG said it became necessary to establish an industry security information and event management system (SIEMS) to enable these institutions implementing SIEMS to send logs and alerts, aggregate information and reports.

It is against this backdrop that the bank initiated the Financial Industry Command Security Operations Centre project.

The Vice President, Dr. Mahamudu Bawumia – who was guest of honour at the inauguration event, reckoned that the project will contribute to improving cybersecurity issues among financial sector institutions and beyond.

He said the use of digital technologies continues to transform the business models of financial institutions with new revenue and value-producing opportunities: “While these digital technologies support banking services and enable banking strategies, the underlying security vulnerabilities pose key cyber risks among those institutions.

“Cybersecurity risks may impair operational capabilities and threaten the viability of financial institutions. Likewise, the contagion of cyber risk in a financial system is heightened by the extent of interconnectedness; and therefore any severe cyber-attack could threaten the financial system’s stability,” he added.

According to the Vice President, the Basel Committee on Banking Supervision – the primary global standard for prudential regulation of banks – has recognised the evolving nature and scope of cyber risks, and called on banks to improve their resilience to cyber threats and incidents in line with the national cybersecurity strategy of countries.

It is to enhance cyber resilience in the Ghanaian banking and financial industry, he said, that the BoG issued its Cyber and Information Security Directive (CISD) in October 2018 – which largely defines the industry’s approach to cybersecurity defence and response.

The directive required that each regulated financial institution implement a SIEM technology that provides real-time analysis of the security alerts which network, hardware and applications generate, and create a Security Operations Centre (SOC) to be operated by designated employees to serve as its cyber nerve-centre.

The BoG was to establish an industry SIEM system to receive logs/alerts, aggregate information and reports from each institution’s SIEM. These requirements, he said, formed the FICSOC project’s foundation.

As of April 2023, he said, all commercial banks had been connected to the FICSOC; and reporting of cyber threat intelligence in the form of FICSOC alerts and FICSOC advisories is being communicated to these banks.

FICSOC is a threat intelligence-sharing platform designed for secure sharing and collaboration, as well as to facilitate the analysis and prioritisation of risks, the allocation of resources, and the understanding of threats tailored to each regulated financial institution and the banking industry.

With a coordinated approach between the regulator and member-banks, he said, FICSOC will support regulated financial institutions to collaboratively fight cybersecurity threats while maintaining independence and confidentiality in day-to-day operations.

For his part, the Bank of Ghana Governor, Dr. Ernest Addison, observed that the FICSOC will help provide real-time visibility into cyber threats and attacks targetting the banking sector.

To this end, he said, BoG and the cybersecurity authority are collaborating to improve the banking sector’s cybersecurity posture.

In particular, he stated, the two institutions are discussing various ways to approach the implementation of the Cybersecurity Act 2020, Act 1038, for the sector.