Countering cyber crime
During February 2016, hackers targeted the central bank of Bangladesh and exploited vulnerabilities in the Society for Worldwide Interbank Financial Transactions (SWIFT), attempting to steal U$1 billion. While most transactions were blocked, U$101 million still disappeared.
The Bank for International Settlements as a standard setter noted that cyber-attacks are more frequent on larger firms and most prominent in the financial sector.
This incident served as a valuable lesson for the Bank of Namibia (BoN) as protecting the Namibian financial system is a responsibility that is not taken lightly.
These remarks were made by Romeo Nel, director of banking supervision at the BoN, at the official launch of the Cyber Security Industry Council.
It is intended that the council serve as an effective platform through which the banking and non-bank financial sectors can facilitate discussion and formulate operational approaches, either collectively or individually, for participants to combat cyber fraud. The Cyber Security Council is a public- private partnership and not a supervisory tool in any way.
Also speaking at the launch, deputy governor of the central bank, Leonie Dunn, made reference to a cyber-attack “WannaCry”, which affected over 200 000 computers in 150 countries world-wide with an estimated loss of US$4 billion.
Dunn noted that there are fast growing chains of interdependence between countries, cities, businesses and even individuals.
“From the sources and flow of information, to how finances flow within our financial system, the cyberspace is an intrinsic part of our lives just as the internet is.”
Dunn further pointed out that Namibia’s total number of Internet users reached an estimate of 1.3 million by December 2020, whereas the internet user’s growth percentage of Namibia is at 4.4% from 2000 to 2021.
Although that is a great thing, it is not without risks. Increased connectivity also leads to exposure and greater vulnerability.
To date, there is no official national cybersecurity strategy in Namibia.
“We are however aware that the ministry of information and communication technology (MICT) with the assistance of the Commonwealth Secretariat, devised some of the components of the cybersecurity strategy,” she said.
The Namibian government is in the process of finalising its cybercrime related legislation which includes the draft Cybercrime Bill and the draft Data Protection Bill. While this will play a fundamental role in the broader sense of the country’s cyber resilience, it also highlights the need for a financial industry cyber risk strategy.
“It is therefore an opportune time for us, to come together as an industry to gain a deeper understanding of our cyber risk landscape in coming up with a strategy that optimally addresses the risks we are faced with,” she said.
The Cyber Security Council will help ensure that a large set of issues around cyber security within the industry receive the necessary priority that it deserve. It will improve the maturity levels of cybersecurity within the member organisations, and the financial sector at large by enabling leaders in information security to share their knowledge within and across firms, among other ways. It will improve efficiency in cyber-risk management as institutions can leverage from each other.
The council will convene meetings of experts— for a structured dialogue on cutting-edge issues and valuable personal interactions among peers.
“Working with all members, we can give strong support to sound public policies in Namibia and elsewhere that are designed to enhance cyber security. As a council, we will also be able to share information, intelligence and raise awareness of cyber threats, vulnerabilities, and incidents between member organisations, and provide strategic advice and guidance on handling these threats,” Dunn said.