The affair is causing a stir in the sub-regional financial world and in certain circles. In recent weeks, several publications have reported an attack by cybercriminals who have allegedly stolen data from the bank and are demanding the return of 10 million dollars, or just over 6 billion CFA francs.
These persistent reports are accompanied by the publication of supposed data designed to confirm that this is in no way a rumour. The bank admits that an attempt was made, but that it was unsuccessful: "If there was an attempt to hack into our systems, it was not a successful one. If there was indeed an attempt to break into our systems, it was quickly blocked", said the bank in a statement, assuring that "personal data has not been affected" and guaranteeing "its integrity".
When questioned by Sika Finance, IT security specialists confirmed that hackers had targeted the bank, but could not yet say how many documents may have been stolen.
This news is yet another stark reminder of the looming and pressing cybercrime threat in the WAEMU. Last October, in Senegal, the telecoms regulator ARTP had more than 100 GB of data stolen by hackers demanding a ransom. Similarly, in recent weeks, the specialist website CIO Mag reported on a cyber attack targeting the Ivorian Ministry of Defence, which suffered the hacking of 50 GB of data.
In an interview with Sika Finance, Franck Kié, Chairman of the Cyber Africa Forum, citing a report by Dataprotect, noted that 85% of financial institutions have already been the victims of one or more cyber attacks. And in 2021, a study by Kenyan cybersecurity specialist SERIANU estimated the cost of cybercrime at 4.12 billion dollars, compared with 3.5 billion dollars four years earlier.
Challenges in the region
The big question is whether the cybercrime threat is being properly addressed, particularly within the regional financial system. The players are generally well aware and informed of the risks relating to cybercrime", explains Laïcana Coulibaly, CEO of Diamond Security Consulting, a cybersecurity consultancy based in Abidjan whose expertise is being exported to the region. But where the problem lies is in setting up substantial budgets to organise and strengthen safeguards against online attacks.
"It's true that the cost of acquiring cybersecurity solutions can be a heavy investment (...). They can cost up to 1 million dollars, or even more, depending on the size of the bank", he reveals. Costs that can be daunting.
"We have establishments that are making the investments and are well prepared to deal with this kind of threat. Some are doing it gradually, while others haven't really seen the point yet. And yet, in the event of data piracy, the ransoms demanded are out of all proportion to the investment needed to protect themselves", he maintains.
While there are local firms capable of implementing cybersecurity policies and solutions, the big challenge is the availability of skilled human resources within the organisations themselves". According to our expert, the question of sufficient high-level skills is not just an issue in Africa, but on a global scale. We are facing increasingly sophisticated attacks from hackers who are the same ones attacking banks and institutions in Europe and the United States, for example, hence the need for really specialised skills capable of dealing with all types of threats.
To give an idea of the level of preparedness of the financial market to face up to cybercriminals, Laïcana Coulibaly takes as a benchmark certification to the PCI-DSS standard, one of the highest standards for payment card security: "Only a handful of banks can claim to have obtained this seal of approval in the WAEMU market", he laments.
In its report ''Interpol’s Key insight into cybercrime in Africa "Published in October 2021, Interpol reported that ''Africa has seen a sustained increase in the volume of cyber attacks, including a 238% rise in cyber attacks on online banking platforms in 2020."
Jean Mermoz Konandi
Source: Sika Finance