As part of broad, ongoing measures to strengthen the cyber security landscape for the banking and financial services industry in Ghana, the Bank of Ghana has established a Financial Industry Command Security Operations Centre (FICSOC) to prevent, rapidly detect, share information and respond to cyber threats aimed at the industry and ultimately the entire nation.
Work on the cybersecurity infrastructure and edifice – said to be the first such infrastructure funded and owned by a Central Bank in Africa – began in November 2019, in furtherance of the Cyber and Information Security Directive (CISD) issued by the Bank in October 2018, which largely defines the industry’s approach to cybersecurity defense and response. The project was undertaken by Virtual InfoSec Africa (VIA), a wholly-owned Ghanaian information security company in collaboration with the Bank.
Speaking at the commissioning on Wednesday, 24th May 2023 Vice President Mahamudu Bawumia underscored the importance of a robust cybersecurity infrastructure for maintaining confidence in the financial sector, especially as it adapts to the growing influence of digital technology in the provision of financial services.
“The use of digital technologies continues to transform business models of financial institutions with new revenue and value-producing opportunities. Whilst these digital technologies support banking services and enable banking strategies, the underlying security vulnerabilities pose key cyber risks among these institutions.
“Cybersecurity risks may impair operational capabilities and threaten the viability of financial institutions. Likewise, the contagion of cyber risk in a financial system is heightened by the extent of interconnectedness and therefore, any severe cyber-attack could threaten the stability of the financial system,” he noted.
The Bank of Ghana initiated the FICSOC Project in 2019 aimed at threat intelligence-sharing, industry situational awareness and incident response among its regulated financial institutions. Officials of the BoG say as of April 2023, all commercial banks had been connected to the FICSOC and reporting of cyber threat intelligence in the form of FICSOC alerts and FICSOC advisories is being communicated to these banks.
Vice President Bawumia commended the Governor, Board and Management of the Bank of Ghana for their foresight and leadership of Ghana’s financial sector, evidenced in the design and implementation of policies aimed at safeguarding the sector and ensuring growth.
“The commissioning of this important edifice and infrastructure, which I understand is the first of its kind funded and owned by a Central Bank in Africa, is a remarkable feat by the Bank of Ghana. It is without doubt that very soon, other central banks in the sub-region will visit the Bank of Ghana to understudy your approach to cybersecurity defense in the financial sector.”
Congratulating the Bank for its proactive actions, Vice President Bawumia charged financial industry players to take full advantage of the capabilities of the FICSOC, while continually strengthening in-house security operations.
“My expectation and that of Government is that financial institutions will be better equipped to deal with severe and emerging cyber threats targeting the banking industry, including zero-day threats and advanced persistent threats and exploits, and allow them to make informed decisions regarding the response to those threats.
“I wish to stress that the FICSOC platform is neither in competition with nor a replacement for regulated institutions’ cybersecurity risk management (including the SOC operations) but rather complements each financial institution’s cyber and information security management framework. Hence, the responsibility for cyber and information security risk management ultimately lies with each regulated financial institution, not FICSOC operators or the Bank of Ghana.”