As a result of the increase in cybersecurity threats against other financial institutions (OFIs), the Central Bank of Nigeria has issued a Risk-based Cybersecurity Framework and Guideline for OFIs.
This was disclosed in a circular titled EXPOSURE DRAFT OF RISK-BASED CYBER SECURITY FRAMEWORK AND GUIDELINES FOR OTHER FINANCIAL INSTITUTIONS, signed by the Director, Other Financial Institutions Supervision, NKIRU E. ASIEGU.
The apex bank considered the dependency of financial institutions on information and communication technology (ICT) in their daily operations and the rise in cybersecurity threats and attacks against financial institutions; hence it was mandatory to implement a cybersecurity measure to mitigate those risks.
The CBN established that cybersecurity resilience was crucial for enhancing financial institutions, as cybersecurity resilience considers an organization’s ability to maintain normal operations despite all cyber threats and potential risks in its environment, providing the assurance of sustainability for the organization using its governance, interconnected network, and culture.
According to the CBN, the purposes of the guideline are as follows:
- Create a safer and more secure cyber environment that supports information system security and promotes stability of the OFI sub-sectors
- Contribute towards the prevention and combating of cybercrime in the OFI sub-sectors
- Promote the adoption and implementation of best practices and appropriate cybersecurity standards by OFIs
- Promote and maintain public trust and confidence in the OFI sub-sectors
- Promote a cybersecurity culture and awareness through continuous capacity building and skill development.
The CBN also said, “OFIs should note that for a cybersecurity programme to be successful, it must be fully integrated into their business goals and objectives and must be an integral part of the overall risk management process.
The framework provides a risk-based approach to managing cybersecurity risks. The document comprises six parts: Cybersecurity Governance and Oversight, Cybersecurity Risk Management system, Cyber resilience Assessment, Cybersecurity Operational Resilience, Cyber-Threat Intelligence and Metrics, Monitoring.”
Why this matters
Given financial institutions’ reliance on Information and communication technology (ICT) in their everyday operations and the growth in cybersecurity threats and assaults against financial institutions, it was necessary to establish a cybersecurity strategy to reduce the risks.