By Tony Obiechina, Abuja
The Central Bank of Nigeria has given all banks in the country a deadline of December 1, 2023 to fully comply with the Cyber Security Framework.
According to the Apex Bank, the directive became mandatory for institutions in order to strengthen their cyber defenses so as to remain safe and sound.
This is contained in a circular dated June 29, 2022, signed by the CBN Director, OFIs Department, Nkiru Asiegbu and addressed to all Other Financial Institutions under the regulation of the banking sector regulator.
The CBN said the need for full compliance with the framework has become compelling following the recent increase in the number and sophistication of cybersecurity threats against financial institutions.
The objective of the framework is to create a safer and more secure cyber environment that supports information system security and promotes the stability of the OFI sub-sector.
It also seeks to promote and maintain public trust and confidence in the sub-sector as well as contribute towards the prevention and combating of cybercrime in the OFI sub-sector.
Also, the framework provides a risk-based approach to managing cybersecurity risk and consists of six parts: Cybersecurity Governance and Oversight; Cybersecurity Risk Management System; Cyber Resilience Assessment; Cybersecurity Operational Resilience; Cyber-Threat Intelligence; and Metrics, Monitoring and Reporting.
The apex bank added that the guidelines represented the minimum requirements to be put in place by all OFIs.
The CBN stated that the safety and soundness of OFIs required that they operate in a safe and secure environment, hence the platform on which information is processed and transmitted should be managed in a way that ensures confidentiality, integrity and availability of information as well as the avoidance of financial loss and reputation risks, among others.
The bank noted that considering the reliance of financial institutions on information and communications technology (ICT) to operate their business and the rising incidence of cyber threats and attacks targeted at financial institutions, it became necessary to implement cybersecurity measures to mitigate those risks.
The bank specifically noted that threats including ransomware, targeted phishing attacks and Advanced Persistent Threats (APT) had become prevalent, demanding that financial institutions boost cyber resilience as well as take proactive steps to secure their critical information assets to ensure their safety and soundness.
The document further spelt out the roles of the board of directors in relation to cybersecurity as well as the appointment and responsibilities of the Chief Information Security Officer (CISO), among others.