The Central Bank of Kenya (CBK) is calling on banks to enhance audits of staff and business arrangements with third parties.
This comes in the wake of rising fraud in the sector.
Governor Patrick Njoroge said on Friday that in securing customers, banks should not forget that most of the cyber security threats in the sector are initiated from own staff or other people who have access to their systems.
“Even as banks address customers, they also ought to take a closer look at whether they have effectively addressed cybersecurity internally.
“They must regularly assess whether their key assets — staff — are turning into key liabilities,” said Dr Njoroge in Nairobi.
“Highly qualified staff are often categorised as key assets. However, there has been an increase in cyberattacks perpetuated by or with the help of insiders. In this regard, there is need to ensure staff are properly vetted.”
He was speaking at a Kenya Bankers Association (KBA) event to roll out #KaaChonjo campaign, an annual initiative aimed at educating consumers on how to protect themselves from fraud-related risk.
Dr Njoroge said that proper vetting of staff at entry point can help keep off fraudsters.
Further, he called for proper segregation of duties and development of insider-threat programs to mitigate risk.
With increased trend of outsourcing services by banks to enhance efficiency, the CBK boss warned that this is also posing additional risks.
It is imperative that banks review their outsourcing arrangements since third party connections may not always be secure, according to Dr Njoroge.
“Institutions may not be aware of the controls and policies that the service provider has. They need to audit such service providers to ensure they adhere to cybersecurity standards,” he said.