As part of broad, ongoing measures to strengthen the cyber security landscape for the banking and financial services industry in Ghana, the Bank of Ghana has established a Financial Industry Command Security Operations Centre (FICSOC) to prevent, rapidly detect, share information and respond to cyber threats aimed at the industry and ultimately the entire nation.
In accordance with the Cyber and Information Security Directive (CISD), which the Bank issued in October 2018 and which largely defines the industry’s approach to cybersecurity defense and response, construction on the cybersecurity infrastructure and building, which is said to be the first such infrastructure funded and owned by a Central Bank in Africa, began in November 2019.
Virtual InfoSec Africa (VIA), a 100%-owned Ghanaian information security company, collaborated with the Bank on the project.
The project was commissioned on Wednesday, 24 May 2023, with Ghana’s VP Mahamudu Bawumia highlighting the significance of a robust cybersecurity infrastructure for maintaining confidence in the financial sector, especially as it adapts to the growing influence of digital technology in the provision of financial services.
“The use of digital technologies continues to transform business models of financial institutions with new revenue and value-producing opportunities. Whilst these digital technologies support banking services and enable banking strategies, the underlying security vulnerabilities pose key cyber risks among these institutions.
“Cybersecurity risks may impair operational capabilities and threaten the viability of financial institutions. Likewise, the contagion of cyber risk in a financial system is heightened by the extent of interconnectedness and therefore, any severe cyber-attack could threaten the stability of the financial system,” Vice President Mahamudu Bawumia noted.
The Bank of Ghana initiated the FICSOC Project in 2019 aimed at threat intelligence-sharing, industry situational awareness and incident response among its regulated financial institutions. Officials of the BoG say as of April 2023, all commercial banks had been connected to the FICSOC and reporting of cyber threat intelligence in the form of FICSOC alerts and FICSOC advisories is being communicated to these banks.
CalBank Introduces New Range Of Enhanced Services
VP Bawumia complimented the Governor, Board and Management of the Bank of Ghana for their foresight and leadership of Ghana’s financial sector, confirmed in the plan and execution of arrangements pointed toward protecting the sector and guaranteeing development.
“The commissioning of this important edifice and infrastructure, which I understand is the first of its kind funded and owned by a Central Bank in Africa, is a remarkable feat by the Bank of Ghana. It is without doubt that very soon, other central banks in the sub-region will visit the Bank of Ghana to understudy your approach to cybersecurity defense in the financial sector.”
Vice President Bawumia commended the Bank for its proactive actions and urged stakeholders in the financial sector to make full use of the FICSOC’s capabilities while continuously improving internal security operations.
“My expectation and that of Government is that financial institutions will be better equipped to deal with severe and emerging cyber threats targeting the banking industry, including zero-day threats and advanced persistent threats and exploits, and allow them to make informed decisions regarding the response to those threats.
“I wish to stress that the FICSOC platform is neither in competition with nor a replacement for regulated institutions’ cybersecurity risk management (including the SOC operations) but rather complements each financial institution’s cyber and information security management framework. Hence, the responsibility for cyber and information security risk management ultimately lies with each regulated financial institution, not FICSOC operators or the Bank of Ghana.”