The Lion King | 7
Cover Story
O
nline fraudsters are like very
good football players dribbling
through defences to score
great goals. For online fraudsters, the
goal is access to sensitive corporate or
personal data. In October 2014, news
broke that the world’s biggest bank by
total assets, JP Morgan had suffered
one of the biggest cyber attacks in
the world with over 76 million sensitive
customer information likely to have
been stolen. The risk also affected
seven million small business customers.
Though the bank said no sensitive
information was stolen, the fact the
online fraudsters could breach the
defence walls of such a big bank set
alarm bells ringing on cybersecurity.
Cyber intrusions and attacks have
increased dramatically over the last
decade, exposing sensitive personal
and business information; resulting
in financial loss to individuals and
organizations, disrupting critical
operations, and imposing high costs on
the economy. For instance, reported
fraud attempt figure by Nigerian
Central Switch stands at N7.7billion in
2014, out of which the actual loss was
N6.2 billion.
The impact of cyber threats, when
successfully executed, can range
from financial loss for individuals and
organizations, reputation damage,
legal issues, regulatory compliance
issues, inability to continue business
and even national security issues.
For example, the CEO of Targets
Stores in the US recently lost his job
due to a major successful cyber
attack on the organization resulting
in the compromise of customer debit
and credit card information, which
resulted in a huge loss of funds to
bank customers across the globe that
have used their cards at Target Stores.
There have also been cases in Nigeria
where some Banks fired their Chief
Information Security Officer (CISO),
Chief Information Officer (CIO), Head
Internal Control and Head of Risk due to
successful Cyber attacks that resulted in
the loss of billions of naira.
Cybersecurity has therefore become a
major issue because of the increasing
financial activities in Cyberspace –
such as online banking transactions,
internet and mobile banking and
other e-Channels. People exchange
personal information with friends,
internet service providers, banks and
family members through social sites
(like Facebook, Twitter and other social
interaction sites) and emails freely in
cyberspace.
Cyberspace threats
Cyberspace provides seamless inter-
action amongst people and between
organizations and people through com-
puters and communicating gadgets
which makes it inherently prone to
attack by virtue of the vulnerabilities
existing in the communicating entities.
Though cyberspace is personal, in
that we interact based on our known
identities, it is also highly impersonal as
we interact based on impersonal codes
controlled through passwords and other
sensitive details like; user Ids, account
numbers, dates of birth or Social Secu-
rity numbers. Online fraudsters usually
target to take over your online pres-
ence by taking control of this sensitive
information.
Online fraudsters have become more
dangerous in the financial sector be-
cause more than 80% of interactions
between banks and their customers
now occur through the cyberspace,
ranging from e-channels to social me-
dia. These modes of interaction expose
both the bank and her customers to
cyber attacks from cyber criminals.
Security threats that are common in
cyberspace include:
Automated probes and scans:
the cy-
berspace is always being scanned for
vulnerabilities in order to exploit them
either for fun, espionage, sabotage or
other personal gain by the attackers.
Distributed attack tools:
there are a
great number of free tools or software
on the internet that are available to
cyber criminals to perpetrate their mali-
cious acts against their victims.
Email propagation of malicious code:
private and corporate persons are
constantly bombarded with phishing
emails. These emails serve as a medium
for transporting malicious code to end
users as attachments (either in excel,
word or any other file formats). By the
time the recipient of this email opens
the attachment, the hidden code in-
jects itself into the system to perform the
malicious activity.
Internet social engineering attacks:
some unsuspecting victims are lured
into rogue websites, provided by
attackers in order to collect sensitive
information that would enable them
launch successful attacks.
Targeting of specific users:
the cyber
identities of the users are always the
target of the fraudsters. Once the iden-
tities such as login credentials, Personal
Identification Number (PIN), credit card
details, etc. of their target persons have
been stolen, these are used to perform
malicious acts.
Wide-scale malware (Trojan, virus,
adware, worms, etc.) distribution:
These
are malicious programs written and
distributed in order to compromise a
target system either to make it unavail-
able to the legitimate user or steal vital
and confidential personal information
for personal gain.
Cybersecurity
As our lives and businesses increasingly
depend on the internet, it becomes
even more expedient to protect our
valuable information and data from be-
ing maliciously disrupted, intercepted
and used against us, as well as ensure
our use of the internet is not unduly
interrupted by malicious persons or pro-
grams. This can only be achieved by
implementing the necessary cybersecu-
rity procedures.
Cybersecurity is the process of applying
security measures to ensure confidenti-
ality, integrity, and availability of data.
Cybersecurity assures protection of
assets, such as data, desktops, servers,
and most importantly, humans.
The whole essence of cybersecurity is to
protect data both in transit and at rest.
To achieve this, control measures are
put in place in order to ensure security
of data. Some of these measures in-
clude, access control, security aware-
ness, cryptography, security monitoring,
vulnerability management, and security
assessment, among others.
So, how secure are
you?
The successful implementation of cyber
attack countermeasures starts with
security awareness. When people or
organizations are aware of the dan-
gers faced in using the internet, they
will readily appreciate the need for
imbibing good security practices. UBA
has continuously carried out her security
campaigns to educate not only the
customers but the staff and partners on
the importance of cybersecurity.
UBA takes cybersecurity very seriously
and goes the extra mile to ensure her
