Hello

Your subscription is almost coming to an end. Don’t miss out on the great content on Nation.Africa

Ready to continue your informative journey with us?

Hello

Your premium access has ended, but the best of Nation.Africa is still within reach. Renew now to unlock exclusive stories and in-depth features.

Reclaim your full access. Click below to renew.

Caption for the landscape image:

On cybersecurity ahead of festivities

Scroll down to read the article

Writer: Steven Mwesige. PHOTO/FILE/COURTESY

A flurry of incidents in the news of cybersecurity breeches in recent weeks are a cause for concern, but with a better understanding of cybersecurity, they need not be our new reality.

In the old days, when transacting with your bank, it was mostly face-to-face transactions. You would walk into the bank, line up to be served, meet a bank official, who would help you transact whatever you wanted.

That looks very crude these days where only two in 10 transactions are carried out over the counter, a statistic that is mirrored across the industry.The adoption of automation and Information Technology (IT) has been good for industry clients, who need not come to the banking hall anymore to transact business, but can carry out their business 24 hours, seven days a week in the comfort of their homes.Looking back to an earlier time, with less face-to-face contact, the incidents of crime or attempted crimes have increased across the industry.

Enter cybercrime, defined as illegal activities carried out using computers, networks or the Internet.In order to combat this new crime, a better understanding of the threat by industry experts, but especially the general public, is important.There are many risks that facilitate cybersecurity, but one major risk is insider threats.

These can apply to companies and organisations but also to individuals, where intentionally – someone close to you, who knows your credentials, steals your money or unintentionally, where a person is not careful about their personal cybersecurity, allowing criminals access. This maybe by being conned into revealing your identity or security credentials.It is naïve to believe that no one would be interested in you because maybe, you have a low income. The way cybercriminals often work is by trying out many people, say hundreds of victims, so if a fraction of these fall for the scam and are relieved of a few thousands, this spread over many people add up.

So, for starters, no one is safe. As we go into the festive season, we should be very careful, especially as the number of online transactions is bound to increase, making it difficult for cybersecurity officials to determine which activities constitute cybersecurity breeches.

Thankfully there is increasing collaboration within the industry, across the economy and with government to secure our systems to minimize the risk of cybercrime.

This is necessary, even critical, because in an increasingly connected world cyber-attack need not and often do not come from near you. Since the crime is global, we are seeing increasing collaboration in a sector where previously financial institutions were content to suffer their losses quietly for fear of reducing confidence in the victim bank.The challenge with this kind of secrecy in the face of this new crime is that the perpetrators can then go and replicate the same scam in another institution without fear of being detected.

With greater collaboration we can meaningfully reduce the risk to the industry and our clients.Increased collaboration to stave off cyber-attacks is not enough. There needs to be a widespread effort to highlight cybersecurity as worthwhile career path. Our rate of connectivity is rushing far ahead of the cybersecurity professionals passing out of our institutions. It is important that that trend is reversed in view of the increasing threats via cyberspace.

From a purely nationalistic level can we ensure enough cybersecurity professionals to man our critical systems and eventually take over the sector?Already there is a multisectoral committee being spearheaded by industry regulators such as the central bank to bring our policies and regulations up to speed with this threat.

An initiative to subsidize the training of cybersecurity professionals would be very welcome.

We should be concerned but not fearful, the difference being if we are concerned, we can take the necessary steps to safeguard ourselves from cyberattacks as opposed to being fearful and paralyzed against taking any action.

Steven Mwesige is PostBank’s head of ICT security and
governance