Internet Solutions hosts banks to address increasing cyber risks

With cyber-attacks running into the tens of thousands yearly (at a conservative estimate) and the criminals behind them developing their tech skills to increasingly advanced levels, it’s no longer a case of “if” your company will become a victim – it’s “when”.

It is against this background that Internet Solutions in Conjunction with CIO East Africa hosted, banking institutions to explore the ways of collaboration.

According to Laura Chite, Chief Executive CIO East Africa, the leveraging on technology by banks exposes them to increased cyber risks hence the need to constantly collaborate with industry players to enhance cyber security.

The session coming ahead of the (CBK) Central Bank of Kenya’s cybersecurity compliance deadline scheduled for end of November laid emphasis on proactive approach other than being reactive to cyber-attacks.

As cyber-attacks evolve, subjecting institutions to threats such as information theft, CBK expects the leadership of institutions to ensure strategic means are incorporated in banks to enable a proactive approach to cyber-security.

One of the strategic measures globally accepted and acknowledged by CBK is the introduction of the role of the Chief Information Security Officer (CISO). This role is aimed at creating an organizational culture of shared cyber-security ownership.

Each institution should determine the best reporting option of the CISO depending on factors such as an institution’s vision and strategic goals, culture, management style, security maturity, IT maturity, risk appetite and all relevant dynamics involving the current security posture and reporting lines. Most importantly is to ensure that the CISO serves in the Senior Management Team.

According to Dr. Bright Mawudor, Cyber Security Specialist at Internet Solutions , while compliance to the CBK guidelines is important, it is critical that companies go beyond sheer protection of data.

“It’s clear that simply taking steps to secure your data is no longer enough. While response and recovery plans remain critical, a more comprehensive, integrated strategy that includes a pre-emptive approach to cyber security is needed to protect company’s data – and with it, the future of the business.” Dr. Bright Mawudor Cyber Security Specialist, Internet Solutions.

“It’s clear that simply taking steps to secure your data is no longer enough,” said Dr. Mawudor, adding: “While response and recovery plans remain critical, a more comprehensive, integrated strategy that includes a pre-emptive approach to cyber security is needed to protect company’s data – and with it, the future of the business.”

Laying emphasis on pre-emptive cyber-security, Dr. Mawudor noted that instead of buying multiple counter security application is critical that to always anticipate threats and repel attacks, based on intelligence and preparation as part of a detection-response that would largely be guided with policies.

According Raymond Macharia, Internet Solutions Network Manager, since the nature of today’s businesses today demonstrate that organizations cannot entirely disconnect from the Internet as an option to avoid cyber-attacks, it remains critical to walk with experts who would not only install reliable solutions to beat cyber-adversaries at their own game but be available to detect risks. “The detection is key and the ability to respond timely is fundamental to a defence in depth,” he added.

Macharia further asserted that it is time the financial institutions go beyond investing on automated cyber security incident response systems. As the cyber world gets more complex it is time for companies to constantly prod on how well protected they are from cyber-attacks and if their defence strategy would be mostly reactive or if it includes pre-emptive tactics.