Steven Mwesige, Head of ICT Security and Governance at PostBank

By Steven Mwesige

A flurry of incidents in the news of cybersecurity breaches in recent weeks are a cause for concern, but with a better understanding of cybersecurity need not be our new reality.

In the old days, when transacting with your bank it was mostly face-to-face transactions. You would walk into the bank, line up to be served, meet a bank official who would help you transact whatever you wanted.

That looks very crude these days where only two in ten transactions are carried out over the counter at PostBank, a statistic that is mirrored across the industry.

The adoption of automation and Information Technology (IT) has been good for industry clients, who need not come to the banking hall anymore to transact business, but can carry out their business 24 hours, seven days a week in the comfort of their homes.

This increased convenience has improved efficiency on a personal and macro level, driving the economy to new heights.

This new convenience has led to an increase in industry metrics, wherever you look be it deposits, lending and increased interaction with financial institutions.

Looking back to an earlier time, with less face-to-face contact the incidents of crime or attempted crimes have increased across the industry.

Enter cybercrime, defined as illegal activities carried out using computers, networks or the internet.

Using your own personal interaction with your bank the shift to digital services has heightened the need to do Know Your Customer (KYC) validations without physical presence. As explained above, this has allowed over the counter interactions to fall precipitously, and the trend is continuing.

We can all agree that we are not willing to go back to an earlier, slower, less convenient time. That being as it is, the need therefore for beefing up our cybersecurity capabilities is urgent and critical. As a bank whose purpose is to foster prosperity for Ugandans, investing in systems that ensure that customers transact conveniently and in a more secure environment is key.

In order to combat this new crime, a better understanding of the threat by industry experts but especially the general public, is important.

There are many risks that facilitate cybersecurity, but one major risk is insider threats. These can apply to companies and organisations but also to individuals, where intentionally – someone close to you, who knows your credentials steals your money or unintentionally, where a person is not careful about their personal cybersecurity allowing criminals access. This may be by being conned into revealing your identity or security credentials.

It is naïve to believe that no one would be interested in you because maybe you have a low income. The way cyber criminals often work is by trying out many people, say hundreds of victims, so if a fraction of these fall for the scam and are relieved of a few thousands, this spreads over many people. So, for starters, no one is safe.

As we go into the festive season, we should be very careful, especially as the number of online transactions is bound to increase making it difficult for cybersecurity officials to determine which activities constitute cybersecurity breaches.

Thankfully there is increasing collaboration within the industry, across the economy and with government to secure our systems to minimize the risk of cybercrime.

This is necessary, even critical, because in an increasingly connected world cyber-attack need not and often do not come from near you. Since the crime is global, we are seeing increasing collaboration in a sector where previously financial institutions were content to suffer their losses quietly for fear of reducing confidence in the victim bank. 

The challenge with this kind of secrecy in the face of this new crime is that the perpetrators can then go and replicate the same scam in another institution without fear of being detected. With greater collaboration we can meaningfully reduce the risk to the industry and our clients.

And again, just because we are a relatively poor country, we should never think that the criminals will give us a break.

Cyber criminals are always looking for the lowest hanging fruit. They will go to where they believe it is easier to steal money. So, if our systems do not keep up with the times, as a country we are vulnerable to attacks any day, anytime.

Increased collaboration to stave off cyber-attacks is not enough. There needs to be a widespread effort to highlight cybersecurity as a worthwhile career path. Our rate of connectivity is rushing far ahead of the cybersecurity professionals passing out of our institutions. It is important that that trend is reversed in view of the increasing threats via cyberspace.

From a purely nationalistic level can we ensure enough cybersecurity professionals to man our critical systems and eventually take over the sector?

Already there is a multisectoral committee being spearheaded by industry regulators such as the central bank to bring our policies and regulations up to speed with this threat. An initiative to subsidize the training of cybersecurity professionals would be very welcome.

We should be concerned but not fearful, the difference being if we are concerned, we can take the necessary steps to safeguard ourselves from cyberattacks as opposed to being fearful and paralyzed against taking any action.

The author is the Head of ICT Security and Governance at PostBank Uganda.

Tagged: