Bankers should provide firewall safeguards to clients
By David Mugabe
A global cyber security expert has questioned the level of preparedness of the banking industry as they adapt online banking as well as public sector safeguards against attacks.
Dr. Fredrick Wamala, speaking at a key regional meeting on information security noted that Uganda is jumping onto the online banking bandwagon but the safeguards are lacking.
“Who safeguards the citizens against possible fraud? In the UK, the bank pays in case of fraud and they have been forced to provide firewall safeguards to clients,” noted Wamala.
He was the key note presenter at the East African Information Security Conference in Kampala early in the week.
During discussions, the Central Bank was advised to ensure a balanced contract that ensures that even financial institutions bear the loses by compensating customers when customers sign onto online banking.
At the moment, the customer suffers full exposure in the event that their systems are broken into. Keto Nyapendi, the assistant Auditor General and past president of the Information Systems Audit and Control Association (ISACA)-Uganda chapter said if there is proof that the bank was culpable, they should compensate clients in the event that their systems are broken into.
He, however, urged banks to provide firewalls and foolproof systems. Wamala asked partner states to work more closely to protect ICT infrastructure such as fibre optic cables. He also advised that individuals executing ICT contracts should be vetted and not just their technical competences.
He outlined espionage, fraud, organised crime and disaffected employees as major threats to institutions and individuals.
“If the public sector is moving into cyber space, they have to understand it. Government officials are sometimes the weakest links,” he noted. In a related development, a new framework that will guide government agencies on how to respond and mitigate the devastating effects of a cyber-attack will be out in February 2014.
James Saaka, the executive director of National Information Technology Authority-Uganda (NITA-U) disclosed during the meeting that the framework will spell out standards, specifications and procedures on how to handle and respond to cyber attack threats.
But participants wondered whether the framework will be enforced, especially against the background that well-intentioned projects such as the national infrastructure backbone have been adapted by only a handful of ministries and government agencies.
Saaka said: “There will also be timeframes within which they comply with the new framework, the auditor general will help to ensure that government agencies comply.”
A component of the framework, the national computer emergency response team, is already being put in place to help the country in the event of a cyber-attack.
On the low funding of the ICT sector which is increasingly emerging as a critical component of the economy, ICT minister John Nasasira promised that going forward there will be better budget support, especially in the cases where private sector input is limited.
Nasasira cautioned against leaping towards fast Internet connectivity without taking care of information security.
“Despite heightened awareness and cutting edge tools, organisations continue to register security breaches. The attackers are as advanced as the defenders therefore concerted efforts must be put in place to protect the information assets,” he said.
“Matters of security require collective efforts since any weak point, irrespective of where it is found in the chain, would lead to disastrous results,” said Nasasira
No comments :
Post a Comment