Nigeria Unveils Guidelines on Cyber Security for Banks

CNB

Lagos, Nigeria, June 28, 2018// – The Nigeria Central Bank (CBN) has released a draft risk-based framework and guidelines on cyber security for deposit money banks and payment service providers (PSPs).

A publication signed by Kola Balogun for the Central Bank’s Director of banking supervision, noted that the requirements were in light of a recent increase in the number and sophistication of cyber security threats against banks and PSPs.

“It has become mandatory for these institutions to strengthen their cyber defenses if they are to remain safe and sound,” the statement read.

The draft guidelines stipulating minimum requirements ranging from cybersecurity self-assessment tools to reporting templates were thus released for comments and inputs from these financial institutions on or before July 31, 2018.

“In recent times, cyber security threats have increased in number and sophistication as DMBs and PSPs, use information technology to expedite the flow of funds among entities.

“In this regard, threats such as ransomware, targeted phishing attacks and Advanced Persistent Threats (APT), have become prevalent; demanding that DMBs and PSPs remain resilient and take proactive steps to secure their critical information assets including customer information that are accessible from the cyberspace.

“It is in this regard that this framework, which outlines the minimum cyber security baseline to be put in place by DMBs and PSPs, is being issued.

“The framework is designed to provide guidance for DMBs and PSPs in the implementation of their cybersecurity programmes towards enhancing their resilience.

“Cybersecurity resilience is considered as an organisation’s ability to maintain normal operations despite all cyber threats and potential risks in its environment. Resilience provides an assurance of sustainability for the organisation using its governance, interconnected networks and culture.

“DMBs/PSPs should note that for a cybersecurity programme to be successful, it must be fully integrated into their business goals and objectives, and must be an integral part of the overall risk management processes.

“The framework provides a risk-based approach to managing cybersecurity risk. The document comprises six parts: Cybersecurity Governance and Oversight, Cybersecurity Risk Management System, Cyber Resilience Assessment, Cybersecurity Operational Resilience, Cyber-Threat Intelligence and Metrics, Monitoring & Reporting,” the circular noted.

Independent.ng 

Leave a Reply

*