The Lion King Magazine | January - March 2015 - page 19

What is cybersecurity all about?
Today, our daily life revolves around
two worlds which are the physical or
the real world and the Cyberspace.
The term "cyberspace" stands for the
global network of interdependent
information technology infrastructure,
telecommunication networks and
computer processing systems. This
global network supports the various
activities that are carried out in
cyberspace.
The significant reliance on cyberspace
in conducting critical activities and
all its advantages has come with
increased risk of theft, fraud, and
abuse. ‘Cybersecurity’ therefore refers
to the processes, systems and practices
that a nation, organization and
individuals have in place as a defence
against Cyber threats.
How much should people care about
the Cyber threats?
Cyber threats are real and no one
should feign ignorance of the negative
impact of Cyber intrusion and attacks
on individuals, organizations and a
nation. Cyber threats also affect the
family. Children today have access
to the internet which exposes them
to poisonous materials and predators
online. Parents should therefore be
worried about Cyber threats.
What are the Cyber risks faced by the
average bank customer?
The average bank customer is faced
with various risks such as identity theft
resulting in identity fraud, card cloning
resulting in card fraud and online
shopping and online payment fraud.
Fake website: The Cyber criminals often
target unsuspecting customers’ online
banking credentials by establishing a
bogus website that has a normal look
and feel as a bank’s authentic website
and then send a mail to the customer
with a link to the Phishing or fake
website. In most cases, they send a
mail telling the customer that their Bank
has upgraded their system and there
is a need to revalidate their access
credentials in order to continue to use
the system.
False e-mail: In some other cases, they
send a mail to the customer prompting
the customer that a transaction
occurred in their account and they
need to click on the link provided to
confirm they initiated the transaction.
Once a customer falls for the gimmick
and enters the online credential,
the fraudsters would receive the
information and would hit their bank
accounts in a matter of minutes.
Cloned cards: There are various
ways a Bank customer’s Debit or
Credit card is cloned and used to
defraud such customer’s account.
The compromise can happen when
a card is used on an unsecured ATM
that has a skimming device planted
to capture the customer’s magnetic
strip card information and also a tiny
camera well positioned to capture the
customer’s PIN. The compromise can
also happen if a customer goes to a
store, hotel or any merchant location
and then hands over his or her card to
the attendant without monitoring how
the card is used. The attendant can
swipe the card on a portable skimming
device to capture the card information
before using the card on the authentic
POS device. Also, Bank customers
that try to shop online and use their
debit card on unsecured websites of
unknown organizations equally run
a risk of the card information being
compromised.
How well are banks like UBA protected
against Cyber invasion?
No bank is immune from Cyber attack,
however, it is expected that each bank
should be proactive in building the
required defence mechanism against
Cyber attack. No organization can
boast of a 100% guarantee against a
Cyber attack but banks are expected
to be proactive in implementing
systems and processes that would help
detect any Security Breach and also be
well positioned to respond in quick time.
Threat from insiders can be a big risk
in cybersecurity, how do we guard
against it?
Insider threat is the biggest risk in Cyber
security, the reason being that an
insider understands the system in and
out. The insider understands the strength
and weakness of the system.
To guard against insider threats
requires discipline and stringent
internal processes that would not
leave things to chance coupled with
a heightened internal monitoring
and forensic procedure. For instance,
guarding against Insider threats starts
from recruitment stage, a thorough
background check and fidelity test
needs to be carried out for employees
that are being recruited to occupy
sensitive roles such as Systems
Administrators and Internal Application
developers.
Secondly, appropriate information
security policies, processes and
procedures that must be implemented
to influence how things are done in
the organization must be in place.
Some key activities such as User
Access creation, changes to system
configuration and modification to
application must be approved.
Database back-end activities such
as Insert, Update, Delete need to
be controlled. Access Control in
information security parlance is said
to be the first line of defence, as such
individuals should be granted access to
the system based on ‘the need to have
and the need to do’.
The roles and responsibilities of staff
should be well segregated to provide
for internal checks and balances.
Staff should not be allowed to
play incompatible roles to avoid
compromise. It is also crucial that Audit
log should be activated on all critical
systems to track user activities. Thirdly,
after all the preventive measures are in
place, solid security monitoring is a key
requirement for detecting any internal
wrongdoing.
UBA has a robust IT Security Policy that is
regularly updated to drive how things
are done. Our solid internal processes
such as our Change Management
Process, and Application Deployment
process have also helped to heighten
the Bank’s level of security.
The Bank equally has an enhanced
Access Control Management process
as second factor authentication, using
Entrust Token that has been integrated
to the Bank’s critical application to
guard against user identity theft, ensure
accountability and non-repudiation.
Access to privileged user accounts such
as Super User is under dual control
between two different departments.
The robust monitoring through the
Security Operations Centre using some
of the tools deployed such as Employee
Fraud monitoring tool and Database
activity monitoring tool and other
forensic tools enables us to keep things
in check.
Cyber security awareness campaigns
often evoke some degree of paranoia
among cyberspace users, especially
regarding financial transactions.
What are you doing to reassure our
customers?
What we do to reassure our customers
is to keep them informed of the security
measures we have implemented to
ensure they have safe online banking.
For example, when we introduced the
use of physical Token for online banking
authentication, customers were notified
of the benefits of using Token as an
enhanced online security measure.
When we also commenced our real-
Ask the Executive