Vice President Mahmud Baumia on Wednesday commissioned the Bank of Ghana’s (BoG) Financial Industry Command Security Operations Center (FICSOC) to decisively address cybersecurity threats in the financial services sector.
FICSOC was funded by the Bank of Ghana (BoG) as a threat intelligence sharing platform to coordinate cybersecurity efforts within the banking and financial industry and to build cybersecurity resilience against cyber and information security threats. rice field.
The project, the first of its kind in Africa, was initiated by the BoG in November 2019 and went live in January 2023.
It was designed by Virtual InfoSec Africa Limited, a wholly owned information and cybersecurity services company in Ghana. As of April 2023, all commercial banks in Ghana are connected to the platform.
During the dedication of a state-of-the-art digital infrastructure in Accra, Vice President Baumia said the facility will enable banks and financial institutions to address serious emerging cyber threats targeting the banking industry.
He said the use of digital technology continues to transform financial institutions’ business models with opportunities to generate new revenue and value.
He noted that while these digital technologies support banking services and enable banking strategies, underlying security vulnerabilities pose significant cyber risks to these institutions.
“Cybersecurity risks can undermine operational capabilities and threaten the viability of financial institutions. It could threaten stability,” the vice president said.
In order to strengthen the cyber resilience of Ghana’s banking and financial industry, Dr Baumia said, the Central Bank issued the Cyber and Information Security Directive (CISD) in October 2018 to clarify the industry’s approach to cybersecurity defense and response. said defined.
The directive requires each regulated financial institution to implement security information and event management (SIEM) technology that provides real-time analysis of network, hardware, and application-generated security alerts. And create a Security Operations Center (SOC) run by designated employees to act as a cyber nerve center.
Additionally, the Bank of Ghana must establish an industry SIEM system for receiving logs/alerts, aggregated information and reports from each institution’s SIEM.
These requirements formed the basis of the Financial Industry Command Security Operations Center (FICSOC).
The FICSOC project aims to share threat intelligence, industry situational awareness, and incident response among regulated financial institutions.
“As of April 2023, I have certainly heard that all commercial banks are connected to FICSOC and reports of cyber threat intelligence are being communicated to these banks in the form of FICSOC Alerts and FICSOC Recommendations. ,” said Dr. Baumia.
The platform is designed for secure sharing and collaboration, as well as facilitating risk analysis and prioritization, resource allocation, and threat understanding tailored to each regulated financial institution and banking industry. It’s designed to, he added.
FICSOC consists of integrated infrastructure and software solutions for collecting, processing and sharing threat intelligence.
These components are Security Information and Event Management (SIEM), Threat Intelligence Sharing, Network Traffic Analysis, and Digital Forensics Laboratory.
The vice president said the coordinated approach between regulators and member banks will enable FICSOC to maintain independence and confidentiality in its day-to-day operations while enabling regulated financial institutions to work together to combat cybersecurity threats. believed to provide extensive support for
In addition, as part of the Critical Information Infrastructure owned by the Bank of Ghana, FICSOC has established a mandatory security clearance under the Cyber Security Act 2020 (Act 1038) to protect Ghana’s critical systems and strengthen existing partnerships. will be subject to compliance checks and audits, he said. An initiative between the Bank of Ghana and cybersecurity authorities.
Dr. Bawumia said the FICSOC platform does not compete with or replace regulated agency cybersecurity risk management (including SOC operations), but rather complements each financial institution’s cyber and information security management framework. I explained that there is.
Responsibility for cyber and information security risk management therefore ultimately rests with each regulated financial institution rather than the FICSOC operator or the Bank of Ghana.
“What the Bank of Ghana and Virtual Information Security Africa have done shows that we must avoid thinking that it is impossible and believe that it is possible to lead the continent, and indeed the world, in many areas. We are doing it,” said Dr. Baumir.
