The Central Bank of Kenya (CBK) is calling on banks to enhance audits of staff and business arrangements with third parties.
This comes in the wake of rising fraud in the sector.
Governor
Patrick Njoroge said on Friday that in securing customers, banks should
not forget that most of the cyber security threats in the sector are
initiated from own staff or other people who have access to their
systems.
“Even as banks address customers, they also ought to take a
closer look at whether they have effectively addressed cybersecurity
internally.
"They must regularly assess whether their key assets -- staff -- are turning into key liabilities,” said Dr Njoroge in Nairobi.
“Highly
qualified staff are often categorised as key assets. However, there has
been an increase in cyberattacks perpetuated by or with the help of
insiders. In this regard, there is need to ensure staff are properly
vetted.”
Fraud risk
He
was speaking at a Kenya Bankers Association (KBA) event to roll out
#KaaChonjo campaign, an annual initiative aimed at educating consumers
on how to protect themselves from fraud-related risk.
Dr Njoroge said that proper vetting of staff at entry point can help keep off fraudsters.
Further, he called for proper segregation of duties and development of insider-threat programs to mitigate risk.
With
increased trend of outsourcing services by banks to enhance efficiency,
the CBK boss warned that this is also posing additional risks.
It
is imperative that banks review their outsourcing arrangements since
third party connections may not always be secure, according to Dr
Njoroge.
“Institutions may not be aware of the controls
and policies that the service provider has. They need to audit such
service providers to ensure they adhere to cybersecurity standards,” he
said.
Due diligence
This
will require services provided by third parties to be subjected to
heightened due diligence to avoid in planting of back doors used to
infiltrate banks’ systems.
KBA chief executive Habil
Olaka called on financial and retail organisations to continue working
together in battling the evolving nature of fraud.
“Fraud
is among the challenges that threaten progress in adoption of new
technologies. We firmly believe that it is through cross-sector
collaborations that we can defeat fraud,” Dr Olaka said.
The
month-long campaign is being held in collaboration with Visa, Retail
Trade Association of Kenya, Mastercard, Airtel, PesaLink and Consumer
Grassroots Association.
No comments:
Post a Comment