Coronavirus: Banks Ready To Fight Escalated Cyber-attacks
As Ghana’s economy prepares for changes that COVID-19 seems to be introducing, it has become very critical for the banking sector to intensify the cybersecurity aspects of their business continuity strategies.
Last week, the Bank of Ghana admonished all Banks, Savings and Loans Companies, Finance Houses, Microfinance Institutions, Rural and Community Banks and Foreign Exchange Bureaus to activate their business continuity and catastrophe recovery plans.
Conversely, there are increasing worries among the financial intermediation firms and their clients that those strategies aim primarily at keeping their operations running in the face of disruptions to their physical and ICT-driven product and service delivery platforms, rather than on higher firewalls in a situation where digital platforms have to be used as a substitute for physical platforms.
As asserted by one digital banking chieftaincy, “The risk of cyberattacks, in the era of COVID-19, has become the unseen threat rising in the digital space. These attacks would prey on the increased reliance on digital tools and the uncertainty of the crisis”.
In an interview, the Head, Technical Operations, e-Crime Bureau, Mr Philemon Hini said, “most people are likely to subscribe to online banking as a result of the pandemic. This is because, if the lockdown continues and the situation does not improve, people will have to solely rely on internet banking for their day to day transactions.”
He cautioned, “That is where the threat is. So, we would be seeing a lot of attacks in the area.”
It is therefore imperative on the part of banks to integrate cyber resilience into their broader business continuity strategies to increase their ability not only to protect against a data breach but to detect when one has happened and tackle it.
Experts caution that most often cybercriminals take advantage of human weakness to infiltrate systemic defences. In a crisis situation such as the COVID-19, especially if prolonged, people tend to make mistakes they would not have made otherwise.
Mr Hini pointed out, “For the online, making a mistake in terms of which link you click on or who you trust with your data can cost you dearly.”
The COVID-19 is being used in several malicious campaigns being executed in virus afflicted countries, including email spam, Business Email Compromise, malware, ransomware, malicious domains, among others. As the number of those afflicted by the virus continues to rise, campaigns that use the disease as a lure likewise increase and banks in Ghana are now being asked to prepare themselves.
According to Check Point, from January 2020, there have been over 4,000 coronavirus-related domains registered globally of which 3% have been found to be malicious and an additional 5% suspicious.
Mr Hini pointed out that already this year, some companies and financial institutions in Ghana have struggled with cyberattacks.
He cautioned, “At this time, organizations should an eye on insiders, who have privileged information on the organization, such as contractors and former employees since the environment is creating the opportunity for people to engage in cyber-attacks.”
Based on the World Economic Forum, the vast majority of cyberattacks – by some estimates, 98% deploy social engineering methods. Cybercriminals are very creative in devising new ways to exploit users and technology to access passwords, networks and data, often capitalizing on popular topics and trends to tempt users into unsafe online behaviour.
The Forum emphasized that stress can incite users to take actions that would be considered irrational in other situations. For example, a recent global cyber attack focused on people looking for visuals of the spread of coronavirus.