MARKETS were unsettled recently as rumours emerged that one of the country’s biggest lenders had been hacked by digital attackers. Reports claimed the attackers demanded ransom, but the financial institution rebutted extortive moves.
The Zimbabwe Independent was told that digital attacks have been on the rise, but some financial institutions have stood their ground.
The Bankers Association of Zimbabwe (BAZ) told the Independent that other banks had also reported attempts by hacking kingpins to sneak into their systems.
“While we may not have exact figures on the financial prejudice that local banks have suffered due to hacking, there have been a few reported incidents,” BAZ said.
“Fortunately, many of these incidents were successfully recovered. Additionally, banks are taking significant steps to prevent cyber attacks and protect their operations and customers.”
BAZ attributed cyber attacks to the fast-paced digitalisation sweeping across the globe.
“The impact of hacking on the operations of local and or international financial institutions has become a significant concern, especially as cyber attacks have surged in recent years.
“The consequences of these attacks can be severe, affecting not only the banks themselves but also their customers and the broader financial ecosystem,” it added.
BAZ noted that local banks had started investing in security technologies as they look to protect themselves from similar occurrences.
“The problem of hacking is widespread,
not only affecting banks, and continues to escalate given the heightened digitisation thrust,” it said.
“However, banks are investing in security technologies such as firewalls, antivirus software, and intrusion detection systems to protect their networks and systems.”
BAZ said banks were increasingly recognising the importance of educating their customers about the risks associated with hacking and the measures they can take to protect themselves.
It said it has started to take initiatives to hedge not only the banks but also customers.
“Banks provide dedicated support lines where customers can report suspicious activities or seek assistance regarding security concerns. This ensures that customers have access to help when they need it,” BAZ noted.
However, in an analysis exploring rising cases of cyber-attacks this week, Jacob Mutisi, chairperson of Zimbabwe Information & Communication Technology, a division of Zimbabwe Institution of Engineers, said in the wake of the high-profile cyber-attacks, it had become imperative for financial institutions to disclose when their systems have been breached.
Mutisi warned that hacking usually ended with the theft and leaking of sensitive customer and bank operational data.
The lack of transparency was concerning, he said, noting that it highlighted the need for new laws to compel such organisations to be upfront about cybersecurity incidents.
“This is a nightmarish scenario for any financial institution and customers,” Mutisi said in the analysis.
“This lack of transparency is unacceptable and highlights the need for regulations that would compel it, and other Zimbabwean financial firms, to be upfront about cybersecurity incidents.
“The consequences of silence extend beyond just its own customers. Zimbabweans have a right to know when major institutions have been compromised.
“To address this problem, Zimbabwe needs to follow the lead of other countries and implement mandatory disclosure laws for cybersecurity incidents.
“Such regulations would require any company, especially those in the financial sector, to promptly notify customers and the public whenever their systems have been compromised and sensitive data has been accessed or stolen. These laws would serve several important purposes.”
In a statement recently to stakeholders, one of the country’s financial institutions, ZB said: “We have social media reports purporting a breach on our systems. We are aware of frequent attempts to penetrate systems of major financial institutions.
“To that end we invested in cybersecurity and enabled our protection mechanisms. We believe we have adequate protection on our systems across the enterprise.
“We can confirm that all our platforms are secure and that services are available, uninterrupted, to our banking, insurance and investments customers”.