By Tumininu Ojelabi Hassan
The Nigerian financial sector tussle with cyberattacks has led to banks adopting measures to protect the data of their customers as this is a major threat affecting the banking industry today.
The growing wave of cyberattacks is a cause for concern as hackers continually develop tactics and strategies with data extraction emerging as the commonest strategy utilized by hackers, which entails targeting and extracting customers’ and employees’ data, that could be deployed for blackmail and threat of public leaks.
Recently, Mr. Sennaike David, an Information Security Expert, a Bug counter hacker and founder of Sennaike Consulting Limited, revealed the deleterious state of cybersecurity in financial institutions. He came across a post stating that they were selling the private data of a Nigerian fintech, Access to servers, Username, Password, API Keys and Private customer data, which includes BVNs, Phone numbers, Names and Emails. His findings exposed the cybersecurity loopholes and vulnerability ravaging the financial institutions, thereby posing severe damage to customers and stakeholders.
The Financial Institutions Training Centre (FITC)’s report on Fraud and Forgeries in the Nigerian Banking Industry revealed that bank customers lost a total of N3.62 billion to fraud in Q3 2022, indicating a 207.94% increase compared to N.1.7 billion recorded in Q2 2022.
Mosopefoluwa Amao, a Cybersecurity expert, who interacted with our correspondent, shed light on the major factors worsening cybersecurity in financial institutions. She disclosed that the responsibility is not on banks only, customers also have a role to play.
“The weakest links in cybersecurity are Humans. This is because humans are not predictable but systems can be configured to get a desired result. Customers are supposed to play their part to avoid hacking. A lot of bank customers post sensitive information about them on social media while some click phishing links and that’s basically what hackers operate with.
“When you go through some people’s social media accounts, you will find out their name, age, date of birth, location and account details without prior conversation with them. Some bank customers give out their information and passwords carelessly.
Before an hacker can have access to a customer’s account, it’s either the person shared sensitive information about them or they clicked on a phishing link. Before hacking can occur, someone has definitely done something; that’s why I said the weakest links in cybersecurity are humans.
“This is why banks advise their customers against giving out sensitive information about them to avoid hacking. If you check dark web, they are selling people’s personal data. To check if your email address has been exposed to cybersecurity attacks, input your email address on haveibeenpwnd.com, this website will indicate if your email address has been exposed to cyberattack,” she expatriates.
She attributed the major reason for cyberattacks on negligence and non-prioritization of cybersecurity in Nigeria. “When a bank experiences a cyberattack, it’s because the IT experts in the bank are not doing their job well. No matter how good or sophisticated a bank’s system is, if it’s not properly configured and secured, it’s prone to cyberattacks.
“It’s important to note that no system is 100% secure, for instance, if a system is 98% secured, the 2% loophole is what hackers want to find out. As an IT expert, your job is to make sure the 2% loophole is not known. A bank can experience a cyberattack when IT experts do not perform their duties appropriately, when there are patches, segmented networks, when the IDS/IPS, PCIDSS (Payment
Compliance Framework) are not in place.
“It’s not the system’s fault, it’s the fault of the experts that didn’t configure and update the system properly against cyberattacks. Hackers work with information, their target is to get information from the bank’s systems for financial gain either from the bank or other hackers.
In addition, she suggested the procedures banks need to adopt to avoid cyberattacks.
“Banks can avoid cyberattacks by adopting best security practices, avoiding understaffing by hiring experts, paying experts well and providing IT experts with tools”, she added.
To prevent customers from falling prey to cyberattacks, one of the measures adopted by banks is to send messages and email to their customers warning them not to share sensitive information about them with anyone. Below is an example of such email from Wema bank to its customers.
“Dear Esteemed Customer,
If you suspect that an email, SMS, phone call, or any other form of communication is fraudulent, it probably is. It is important to take all necessary steps to ensure that you don’t get scammed. Do not share your personal details, click on links you are not sure of, or respond to strange callers asking for your bank details.
“Note that no staff member of Wema Bank will call you to request your PIN, BVN, CVV, hard token, or OTP. Stay alert and contact us here: 080-3900-3700 if you have suspicions about any scam-related message you have received. Cheers,” Wema bank warned.
Aside warning customers against sharing their information with scammers, banks run system maintenance incessantly to update their systems against cyberattacks. During this system upgrade, customers will experience challenges on digital channels. However, the banks inform its customers ahead of a system upgrade. Below is an example of an email a customer of FCMB received from his bank.
“Please be informed that we will be running system maintenance from 12am to 4am (West African Time) on Saturday, May 13, 2023. During this period, you may experience intermittent challenges on our digital channels. We sincerely apologize for any inconvenience this may cause.
“If you require assistance during this period, please call our 24/7 Contact Centre on 07003290000, send an email to [email protected] or chat with us on WhatsApp via 09099999814 or 09099999815,” the email stated.
Recall that in February 2023, Flutterwave, a Fintech in Nigeria lost N2.9 billion through hacking. According to Flutterwave’s legal counsel, Albert Onimole, the money was illegally transferred to 28 bank accounts in 63 transactions.
The Federal government says it is partnering with the World bank and other relevant institutions to enhance cybersecurity in Nigeria and to protect Nigeria’s digital infrastructure, businesses and citizens.
The Minister of Communications and Digital Economy, Isa Pantami stated this at the opening of a two-day Cybersecurity Stakeholder Capacity Building Workshop, which held in Abuja in March 2023.
“We shall also discuss investing in cybersecurity, increasing awareness of cyber threats and their potential impact on businesses and organisations and the next steps we should all consider, to improve collaboration for the general well-being of our cyber space in Nigeria. In Nigeria, the digital economy is rapidly growing and with that growth comes the need for heightened cybersecurity measures and robust partnerships like the one we have with the bank,” he said.
“We are partnering with the Office of the National Security Adviser (ONSA) and other institutions to ensure that our cyberspace is more secure. This is because the task of securing our cyberspace cannot be achieved by the government alone. It requires a collaborative effort from all stakeholders, including the private sector, civil society organisations, and academia. This workshop is part of our efforts to achieve this goal.
“In conclusion, the time to act is now and I urge you all to take this issue seriously, contribute meaningfully to this workshop and let us forge a resilient and robust cybersecurity culture in Nigeria,” he added.
News continues after this Advertisement
Click Here For The Original Source.
————————————————————————————-