OP-ED: Cybersecurity Ahead of Christmas Festivities

As we go into the festive season should be very careful, especially as the number of online transactions is bound to increase making it difficult for cybersecurity officials to determine which activities constitute cybersecurity breeches.
A hacker in a dark room with a covered face typing away at a computer trying to steal personal information or hack into a system is a cybersecurity threat. PHOTO: Nahel Abdul Hadi/Unsplash A hacker in a dark room with a covered face typing away at a computer trying to steal personal information or hack into a system is a cybersecurity threat. PHOTO: Nahel Abdul Hadi/Unsplash
A hacker in a dark room with a covered face typing away at a computer trying to steal personal information or hack into a system is a cybersecurity threat. PHOTO: Nahel Abdul Hadi/Unsplash

A flurry of incidents in the news of cybersecurity breaches in recent weeks is a cause for concern, but a better understanding of cybersecurity need not be our new reality.

In the old days, when transacting with your bank it was mostly face-to-face transactions. You would walk into the bank, line up to be served, meet a bank official who would help you transact whatever you wanted. That looks very crude these days where only two in ten transactions are carried out over the counter at PostBank, a statistic that is mirrored across the industry.

The adoption of automation and Information Technology (IT) has been good for industry clients, who need not come to the banking hall anymore to transact business but can carry out their business 24 hours, seven days a week in the comfort of their homes. This increased convenience has improved efficiency on a personal and macro level, driving the economy to new heights. In addition, it has also led to an increase in industry metrics, wherever you look be it deposits, lending, and increased interaction with financial institutions.

Looking back to an earlier time, with less face-to-face contact the incidents of crime or attempted crimes have increased across the industry.

Enter cybercrime, defined as illegal activities carried out using computers, networks, or the internet.

Using your interaction with your bank the shift to digital services has heightened the need to do Know Your Customer (KYC) validations without physical presence. As explained above, this has allowed over-the-counter interactions to fall precipitously, and the trend is continuing.

We can all agree that we are not willing to go back to an earlier slower, less convenient time. That being as it is, the need therefore for beefing up our cybersecurity capabilities is urgent and critical. As a bank whose purpose is to foster prosperity for Ugandans, investing in systems that ensure that customers transact conveniently and in a more secure environment is key.

It is important for industry experts, but especially the general public, to better understand the threat in order to combat this new crime.

There are many risks that facilitate cybersecurity, but one major risk is insider threats. These can apply to companies and organizations but also to individuals, where intentionally —someone close to you, who knows your credentials steals your money or unintentionally, where a person is not careful about their cybersecurity allowing criminals access. This may be by being conned into revealing your identity or security credentials.

It is naive to believe that no one would be interested in you because maybe, you have a low income. The way cybercriminals often work is by trying out many people, say hundreds of victims, so if a fraction of these fall for the scam and are relieved of a few thousands, this spread over many people add up. So, for starters, no one is safe.

Steven Mwesige.
Steven Mwesige.

As we go into the festive season, we should be very careful, especially as the number of online transactions is bound to increase making it difficult for cybersecurity officials to determine which activities constitute cybersecurity breeches.

Thankfully there is increasing collaboration within the industry, across the economy, and with the government to secure our systems and minimize the risk of cybercrime.

This is necessary, even critical, because in an increasingly connected world cyber-attacks need not and often do not come from near you. Since crime is global, we are seeing increasing collaboration in a sector where previously financial institutions were content to suffer their losses quietly for fear of reducing confidence in the victim bank.

The challenge with this kind of secrecy in the face of this new crime is that the perpetrators can then go and replicate the same scam in another institution without fear of being detected. With greater collaboration we can meaningfully reduce the risk to the industry and our clients.

And again, just because we are a relatively poor country, we should never think that criminals will give us a break.

Cybercriminals are always looking for the lowest-hanging fruit. They will go to where they believe it is easier to steal money. So, if our systems do not keep up with the times, as a country we are vulnerable to attacks any day, anytime.

Increased collaboration to stave off cyber-attacks is not enough. There needs to be a widespread effort to highlight cybersecurity as a worthwhile career path. Our rate of connectivity is rushing far ahead of the cybersecurity professionals passing out of our institutions. It is important that that trend is reversed in view of the increasing threats via cyberspace.

From a purely nationalistic level can we ensure enough cybersecurity professionals to man our critical systems and eventually take over the sector?

Already there is a multisectoral committee being spearheaded by industry regulators such as the central bank to bring our policies and regulations up to speed with this threat. An initiative to subsidize the training of cybersecurity professionals would be very welcome.

We should be concerned but not fearful, the difference being if we are concerned, we can take the necessary steps to safeguard ourselves from cyberattacks as opposed to being fearful and paralyzed against taking any action.

Editor’s Note: The article was written and provided to PC Tech Magazine for publishing by PostBank’s Head of ICT Security and Governance, Steven Mwesige.