Kenya Cyber Security Report 2015
Cyber Security Perspective from the Financial
Services Sector
Edgar Mwandawiro | Head of Risk at Gulf African Bank
C
yber security remains a critical
Naturally, this growth comes with
concern for the banking
corresponding cyber risks, which have
industry. Players in the industry
to be managed. As financial institutions
have underscored the importance
continue to invest in complex technology
of securing corporate cyber assets
infrastructure, strong asset management
through commitment of extra funding
principles must be implemented to
to improve cyber security. The last
ensure classification, ownership and
couple of years have seen an increase in
protection of those assets. While
industry expenditure with the singular
individual entity asset protection is
aim of achieving effective cybersecurity
indispensable, collective, inter-party and
operational and strategic controls and
industry related initiatives are crucial. An
planning.
improvement in legislation surrounding
As technologies continue to expand to
cloud infrastructure, assets protection
meet customer demands, electronic
and digital forensics is urgently required.
access to customer information and
The quest to provide customer
convenience and aggressive marketing
The Government Anti-Fraud authorities
must play a more active and independent
role while carrying out banking/financial
fraud investigations and ensure cases
come to conclusion on time to the benefit
of the defrauded financial institutions and
the ultimate customers.
data they continuously pose significant
by financial institutions has seen
Financial institutions are still suffering
technology-enabled institutions
large cyber fraud incidents, which
continuously interface and integrate
have resulted in direct financial loss
their internal systems with external
through the loss of customer funds
party systems to leverage on a variety of
and confidential customer information,
business opportunities and operational
perpetrated by customers, insiders or
efficiency. Uptake of cloud and managed
outsourced partners. In response to
services has seen financial institutions
this, many financial institutions have
better manage their capital expenditure
put in place vendor risk management
and concentrate on their core business
policies to address outsourced partners’
The success of all cybersecurity projects
of providing financial solutions and
risks, conduct background screening for
and strategies lies in setting the tone
services. Mobile and internet banking
employees, and KYC for customers. These
from senior management through
services tailored to suite local and global
have improved their internal systems
establishment of enterprise cybersecurity
customers have seen financial institutions
controls, and enabled these institutions
policies which will build a strong
invest heavily on e- channel platforms
to proactively monitor transactions and
foundation for cybersecurity principles,
and on strategic partnerships with
employee behaviour change dynamics
governance, guidelines, procedures and
telecommunication players.
as part of critical elements to remedy the
processes.
challenges but also opportunities for
business development. Therefore, the
ultimate test should be how to enable
customers access their data securely,
what kind of information will/should be
accessible and when allowed, how to
secure the data while at rest and/or in
transit.
current cyber fraud prone environment.
32