Cyber security is an asset customers trust

The year 2022 is behind us, but the cyber attack and computer-related fraud against the financial sector will linger on. Crimes against financial institutions overtime transitioned from physical robberies to computer engineered fraud initiated by blackhuts crackers who attack computer systems to obtain a customer’s personally identifiable information (PII) including financial information.

Following the Covid-19 pandemic outbreak, digital innovations and uptake have been unprecedentedly adopted by businesses and organisations spurring productivity, driving growth and profitability, and reimagining business interactions.

Financial service providers such as banks, and National Payment System platforms, are increasingly becoming reliant on interactions, opportunities, and relationships in cyberspace.  The uptake, however, has also attracted cybercriminals taking advantage of the security gaps in digital systems hence increasing the risk of data breaches. This means technical and financial investment in cyber security by organisations.

According to the Police Crime Report of 2022, a total of 286 cases of cyber crimes were reported compared to 258 cases reported in 2021, giving a 10.8 percent increase in this crime category. By the end of the year, 45 cases were taken to court, 9 cases were not proceeded with while 232 cases are still under inquiry. Out of the total cases taken to court, 5 cases secured convictions, 1 case was dismissed while 39 cases are pending in court. Cybercrimes led to a loss of Shs19,209,798,000 in 2022, out of which Shs16,790,000 was recovered.

Airtel Mobile Commerce Uganda Limited (AMCUL) remains the biggest victim; last year hackers had unauthorised access to their virtual money system, affecting its integrated money wallet plus eight of its business partners /aggregators.  Inquiries indicated that hackers gained access through one of the aggregators, a betting company and later on transferred money to over 1840 SIM cards, which were immediately withdrawn.

The same cyber attacks resulting in defrauding customers have been reported through civil suits instituted against financial institutions; unscrupulous transactions reportedly channelled customers’ deposits through their digital platforms or unauthorised access to banks’ security systems. The most recent being Stanbic Bank, all this bogs down the customer confidence and trust in usage of the affected digital platforms or system.

The foregoing is a warning that cybersecurity shouldn’t not only be looked at from the lens of cyber attack response but also holistic cybersecurity management for the above and following reasons. Cybersecurity is a strategic business enabler – implying that businesses must ensure organisation-wide transformation efforts to proactively take into account cybersecurity considerations. Cybersecurity must be positioned as one of the key pillars of the value system in any company or organisation. Business leaders must actively participate in cyber-related discussions, not leaving it to juniors or technocrats. The Board members need to be encouraged to participate in tabletop exercises so that they remain aware of their roles and responsibilities in responding to cybersecurity threats as well as influencing senior leadership to drive cybersecurity outcomes.

The goal is to build a culture that empowers top level management to productively interact with technology teams, marketing teams, and product teams to support large-scale digital transformation efforts amidst threats posed by cyber criminals. A customer should be confident in transacting over a payment platform or bank without the worry of the funds or financial data taking a wrong direction or being accessed by an unauthorised person.

It is a call to all the players that global investments to digitalisation are enormous and still growing due to the shifting curve in the financial sector. The dynamics of cyberspace, rapid digitalisation and the fast-growing number of threats is increasing fast on the attack surface. 

Many attacks and other incidents can be prevented by efficient threat intelligence, risk awareness and smart technological protection hence players in the financial sector must beef up their strategies in having robust security systems to counteract the ever-evolving threats in the tech world.

Cyber security affects everyone and all facets of life. Cyber security is a business problem and never purely a technical problem. Institutions must move away from viewing cyber security as a topic that is abstract, cumbersome, and intangible. Throwing money at the problem will not offer long-term solutions. A good cybersecurity strategy requires proactive collaboration – a ‘we-are-together-in-this’ approach that interconnects the goals of IT security teams and the executive leadership. Effective cyber security programmes and improved security awareness will protect business assets and information as well as prevent fall-outs from breaches.

A robust security system is an aorta to a customer’s trust in the digital age. Why not think of cyber security as an asset!

Solomon Murungi, Legal Associate  at  Muhumuza -Kiiza Advocates & Legal Consultants.