The Central Bank of Nigeria has commenced move to strengthen cyber resilience of Other Financial Institutions (OFIs) under its regulation.
The move which is contained in a circular titled, “Exposure Draft of the Rise-Based Cyber Security Framework and Guidelines for Other Financial Institutions” is targeted at ensuring that they remain safe and sound amidst increase in the number and sophistication of Cyber-Security threats and attacks against them.
The circular, dated August 13, 2021, and signed by the Director, OFIs Department, Nkiru Asiegbu,
was addressed to all OFIs in the country.
It stipulated the minimum requirements for enhancing cybersecurity, adding that the safety and soundness of OFIs require that they operate in a safe and secure environment.
In view of this development, the apex bank stated that the platform on which information would be processed and transmitted should be managed in a way that ensures the confidentiality, integrity and availability of information as well as the avoidance of financial loss and reputational risk, amongst others
Considering the reliance of financial institutions on Information and Communications Technology (ICT) to operate their business and the rising incidences of cyber threats and attacks targeted at financial institutions, the CBN said it had become imperative to implement Cyber-Security measures to mitigate against those risks.
In recent times, threats such as ransomware, targeted phishing attacks and Avanced Persistent Threats (APT) have become prevalent.
These have placed a burden on financial institutions including OFIs to strengthen their cyber resilience and take proactive steps to secure their critical information assets to ensure their safety and soundness.
Cyber-Security resilience is considered as an organization’s ability to maintain normal operations despite all cyber threats and potential risks in its environment.
It stated, “Resilience provides an assurance of sustainability for the organization using its governance interconnected networks and culture.
“The purpose of the Guidelines is to create a safer and more secure cyber environment that supports information system security and promote stability of the OFI sub sector; contribute towards the prevention and combating of cybercrime in the OFI sub-sector; promote the adoption and implementation of best practices and appropriate Cyber-Security standards by OFIs.”
The framework will also assist in promoting and maintaining public trust and confidence in the OFI sub sector; promote a Cyber-Security culture and awareness through continuous capacity building and skills development.
The CBN stated that the board of directors shall ensure that Cyber-Security is completely integrated with business functions and as well managed across the OFI.
The board is also to have oversight and overall responsibility for Cyber-Security programmes.
In addition, senior management of OFIs would be responsible for the implementation of the board approved Cyber-Security strategy, policies, standards and the destination of Cyber-Security responsibilities among others.