The Bank of Ghana and the Cyber Security Authority are collaborating to improve the cybersecurity posture in the banking sector.
In particular, the two institutions are discussing various ways to approach the implementation of the Cybersecurity Act, 2020 (Act 1038) for the sector. The detailed areas of collaboration are contained in the joint statement issued by BoG and CSA on June 24, 2022, nearly a year ago.
According to the Governor of the Bank of Ghana, Dr. Ernest Addison, the project will help provide real-time visibility into cyber threats and attacks targeting the banking sector.
Speaking at the official commissioning of the Financial Industry Command Security Operations Center (FICSOC) in Accra, Dr. Addison said the FICSOC project is a critical component of the systems and we have to deal with cyber security challenges.
In October 2018, the Bank of Ghana issued the Cyber and Information Security Directive (CISD) for banks and other Bank of Ghana-regulated financial institutions with the expectation that all regulated financial institutions would implement the required Information Security Management Systems (ISMS) controls to ensure the delivery of a safer digital financial Industry.
The implementation of the directive was phased over 36 months, and through effective monitoring and supervision among regulated banks.
“As these institutions worked towards full implementation of the directive, it became evident that the Bank of Ghana had to establish an industry Security Information and Event Management (SIEM) system to enable those institutions implementing SIEMs to send logs/alerts, aggregate information and reports. To achieve this, the Bank initiated the SIEM project which we call the Financial Industry Command Security 2 Operations Centre (FICSOC) Project”, the Governor emphasized.
He added that the FICSOC Project is now completed and operational with reports/alerts in the form of threat intelligence provided to the banks to improve their incident response mechanisms.
He concluded that digital technology can be a potent tool for financial inclusiveness, and therefore there is a need to protect the financial system from cyber threats.