Cybersecurity of top priority for Ghanaian banks

As an increasing number of businesses and government services migrate online, cybersecurity has become a pressing issue. According to the Cybercrime Unit of Ghana’s Criminal Investigations Department, in the first seven months of 2018 Ghana lost approximately $97m to cybercrime, up from $69m in 2017 and $26m in 2016. President Nana Akufo-Addo called cybersecurity a national security issue, as it can undermine government initiatives when rolling out technology for official procedures, including implementing the national ID system, the digital addressing system and e-payments. It is also a risk to the country’s growing ICT sector as a whole.

The government has substantially strengthened its approach to cybersecurity in recent years, with a wave of initiatives and a range of international partners actively involved in supporting these efforts. It is indicative of this progress that government figures are now talking about making Ghana a key regional centre for cybersecurity technology.

Cybersecurity Centre

The government has established the National Cyber Security Centre to oversee cybersecurity in both the public and private sectors, which involves monitoring cybersecurity incidents and increasing public awareness. The National Communications Authority, which regulates the sector, and the World Bank supported the centre’s establishment.

Ghana is also a signatory of the African Union Convention on Cyber Security and Personal Data Protection (known as the Malabo Convention) and the Convention on Cybercrime (also known as the Budapest Convention), bringing it into international networks addressing cybersecurity. International partners that support the country’s cybersecurity efforts include the US, through the Security Governance Initiative, and the EU, with the Global Action on Cybercrime project. In August 2018 a delegation from a range of US government agencies, including the State Department, Federal Reserve and FBI visited Ghana to boost cooperation between the two countries on cybersecurity issues. In December 2018 Ursula Owusu-Ekuful, minister of communications, confirmed that work was ongoing on a new law to improve Ghana’s cybersecurity environment. It is expected that it will be introduced alongside a cybersecurity policy in 2019. The minister said that the government’s digitisation drive and introduction of a growing range of e-services meant that there was a growing risk of cybercrime. The national policy on cybersecurity and policy is expected to be unveiled in 2019, following consultation with a range of stakeholders on the draft. The policy is expected to strengthen the Ministry of Communication’s work with other ministries, agencies, the private sector and international partners on addressing cybersecurity issues. It should also help the government attract investments in the field.

Banking Directive

Growing online banking services are a particular area of concern. The Bank of Ghana (BoG), the Ministry of Communications, and the Ghana Association of Bankers have worked together to develop the BoG’s Cyber Security Directive for Financial Institutions, which launched in October 2018. This directive will establish guidelines for cybersecurity and information security in the financial sector, to secure the financial intermediation process and to strengthen bank and customer confidence in the security of banking technology. Banks will be obliged to implement cybersecurity controls and follow a timeline to ensure that they are meeting requirements. All banks will also be required to appoint a cyber and information security officer to advise senior management and shape policies regarding cybersecurity issues.

The directive lays out procedures for technology governance, risk management, auditing, asset management and cyber defence. According to the BoG, in 2016 the bank recorded 400,000 malware events, 44m cases of spam and 280,000 bot incidents, as well as various attempts to exploit weaknesses in information security. Protecting the sector from these risks is an essential part of ensuring its long-term financial health.