Dr. Maxwell Opoku-Afari, 1st Deputy Governor of Bank of Ghana
The Bank of Ghana has promised to play an active role in the implementation of the Cybersecurity Act, 2020 through its representation on the Joint Cybersecurity Committee (JCC), pursuant to Section 13 of Act 1038.
As such, it will continue to endeavour to provide all available support to ensure smooth formulation of policies in this area.
Speaking at the launch of the National Cyber Security Awareness Month, 1st Deputy Governor, Dr. Maxwell Opoku-Afari said the Central Bank will clsoely work with the Cyber Security Authority to monitor trends of cybersecurity issues in the financial sector and ensure collaborative response to cybersecurity incidents.
“We at the Central bank will continue to draw strength from Cybersecurity Act 1038, which is intended to further promote and improve collaborative efforts between the Cyber Security Authority and the Bank of Ghana”.
“Today’s world is completely different from a decade ago as changes in information and communication technology increase exponentially. As a result, it is important for institutions to undertake cyber security-related due diligence and assessments, identify proper detective controls, and enforce third party and insider risk programmes to protect and safeguard their working environments from cyber related activities that are not conducive for growth. I believe we will all delve into some of these critical issues that are associated with our drive towards digitization”, he mentioned.
On the action taken by Bank of Ghana to safeguard banks against cyberattacks, Dr. Opoku-Afari said the Bank of Ghana has worked collaboratively with the commercial banks to meet the governance requirements of the Directive, that is, appointments of Board Committee on Cyber and Information Security with a clear Charter; assignment of Director of Cyber and Information Security (DCIS); and appointment of Chief Information Security Officers (CISOs).
Again, he said banks have been reporting their cyber and information security incidents to the Bank of Ghana on monthly basis.
Also, he further said the Bank of Ghana continues to have periodic engagement with member banks to clarify aspects of the directive as well as facilitate safer digital transformation with the adoption of cloud technologies.
So far, the Bank of Ghana has prepared a banking sector Cyber and Information Security guidelines to protect consumers and create a safer environment for online and e-payments products.
Among others, the guidelines seek to create a secure environment for transactions within the cyberspace and guarantee trust and confidence in ICT systems; provide an assurance framework for the design of security policies in compliance to global security standards and best practices by way of cyber and information security assessments and protect banks, customers and clients against the potentially devastating consequences of cyber-attacks.
In pursuing these objectives, the Bank of Ghana has also embarked on the Financial Industry Command Security Operations Center (FICSOC) project to enable the industry have aggregated visibility into the cyber threat landscape confronting the sector, through monitoring and threat intelligence sharing.
The components of the FICSOC Project include Security Information and Event Management (SIEM), Threat Intelligence Sharing, Network Traffic Analysis and Digital Forensic Laboratory.