Rwanda’s financial sector is becoming vulnerable to cyber security threats and fraud as the segment expands use of electronic payment system.

National Bank of Rwanda (BNR) has warned that local banking sector is also prone to cyber fraud.

According to official data, the country has lost Rwf257 million to cyber attacks and other frauds in the financial sector. During the first quarter of 2015, the loss is estimated at Rwf174 million.

The central bank has not been spared either after it lost Rwf27 million to hackers.

READ: Criminals target bank accounts in Rwanda

“As we move into this high tech to enhance our financial operations, criminals are also busy planning on how to take advantage of this high tech to steal more money from everybody who pass here and across the world, “ said Central Bank Governor John Rwangombwa at a workshop on cyber security in the financial sector.

READ: Worries over new avenues of cyber crime

Experts say some banks may not report fraud cases fearing they could lose customers’ confidence.

According to a research, there are many factors attributed to cyber security frauds in local companies and elsewhere.

One of new trends is inside initiated threats, which link employees knowingly or unknowingly to malicious activities that expose companies to risks.

Access to system

According to Tim Brown, a lecturer of Information Security at Carnegie Mellon University in Rwanda, companies should consider threats to system users because they manage and have access to the system.

“For instance in banks, large transactions require approval of more than one bank manager. In other words, individuals can’t actually get access to large amount of funds in banks; it requires two persons authority to make that happen,” said Mr Brown.

Effective IT security policies can play a big role in mitigation risks associated with online security.

Minister for Youth and ICT Jean-Phillibert Nsengimana said there should be an IT policy that is applicable to the entire banking industry.

“I think that the same way banks are subject to financial audits they should make sure that the assets of the clients are protected. I think we need to add cyber security as one critical component and we put in place standards,” he said.

According to a World Bank report released last year, around $345 billion were lost across the world to cyber crimes.

Jean d’Amour Ishimwe, an information security officer at BNR said despite the existence of information security policies they are not followed.
“No one cares if there is no monitoring and enforcement.

We need to implement some internal controls to be able to detect at the real time such internal frauds,” said Mr Ishimwe.

IT security awareness

Other risks identified by industry players are lack of fundamental security practices as some employees ignore IT security practices which can exposes companies to attack risks.

“We as IT security professionals in the banking sector we need to do regular IT security awareness.

We need to guide our end users on how to behave while on Internet and of course making sure that we are improving our IT infrastructure,” said Alfred Shyaka, an IT officer at Development Bank of Rwanda.