CYBER SECURITY CHALLENGES IN UGANDA’S BANKING SECTOR: AN INVESTIGATION INTO THE CAUSES OF CYBER ATTACKS
CHAPTER ONE
INTRODUCTION
1.1 Background of the study
Cyber attacks have caused a lot of loses to countries and individuals in different measures according to IMF’s Global Financial Stability Report (Adelmann et al., 2020), In the past two decades, nearly one-fifth of reported cyber incidents have affected the global financial sector, causing $12 billion in direct losses to financial firms, and from 2020 to 20224 direct losses amounted to an estimated $2.5 billion (Egerson et al., 2024).
Cyber attacks are currently one of the biggest challenges facing developing countries specifically Africa , though there has been a projected growth for African cyber security market , nations across the continent are loosing billions each year due to the increased cyber attacks, collectively African countries loose 4 billion Us dollars annually due to cyber attacks with specific countries like; Nigeria, Kenya, south Africa and Egypt lose more than $3.5b per annum as a result of digital attacks, Like many developing nations, Uganda has witnessed rapid adoption of digital technologies in recent years. While this digital transformation brings numerous benefits, it exposes the country to new risks of cyber-attacks. Cybercriminals capitalize on weaknesses in cyber security infrastructure, exploiting individuals, businesses, and government entities for financial gains or other purposes and as of 2022 Uganda lost 19.2 billion to cybercriminals and in 2023, over 245 cases were reported to police countywide, bringing a 5 billion loss.
1.2 Problem statement
The banks globally face a multitude of loses as a result of cyber criminals the size of these losses has more than quadrupled since 2017 to $2.5 billion (Natalucci, Qureshi, & Suntheim, 2024). Africa and Uganda in particular are no exception, and as of 2022 Uganda lost UGX19.2 billion to cybercriminals and in 2023, over 245 cases were reported to police countywide, bringing a UGX 5 billion loss (Daily monitor, Friday, April 05, 2024), in the banking industry direct and indirect loses like reputational damage or security upgrades are substantially higher, it is against this background that this study intends to investigate into cyber security challenges in Uganda’s banking sector: an investigation into the causes of cyber attacks.
1.3 Objectives of the study
- To examine the influence of external cyber threats on the vulnerability of the banking sector
- To investigate the influence of internal cyber threats on the vulnerability of the banking sector
- To determine the relationship between user technical awareness on vulnerability of the banking sector
1.4 Research Questions
- What is the influence of external cyber threats on the vulnerability of the banking sector?
- What is the influence of internal cyber threats on the vulnerability of the banking sector?
- What is the relationship between user technical awareness on vulnerability of the banking sector?
1.5 Scope of the study
This section will include the content, time and geographical scope;
1.5.1 Content scope
The contents of the study will include; external cyber threats on the vulnerability of the banking sector, internal cyber threats on the vulnerability of the banking sector and user technical awareness on vulnerability of the banking sector.
1.5.2 Geographical scope
The study will investigate the banking sector specifically the banks centenary bank, stanbic bank and pride microfinance bank.
Conceptual Frame Work
Cybersecurity Challenges (I.V) Vulnerabilities in the banking sector (DV)
| External cyber threats
· Hackers · Cyber criminals · Foreign actors targeting Internal cyber threats · Insider threats · Employee negligence User technical awareness · Training of employees · Knowledge on cyber crimes
|
| · Out dated banking software
· Old Hardware · Lack of encryption · Weak authentication protocols |
| · Data protection laws
· Poor cyber security regulation · Collaboration with law enforcement |
Mediating variables
CHAPTER TWO
LITERATURE REVIEW
2.0 Introduction
This section presents the study inline with other researcher inline with study objectives.
2.1 External cyber threats in the banking sector
The rise on the use of information technology in banking industry has exposed the financial institutions to different levels of cyber attacks, (Gulyas, & Kiss, 2023). New technologies, such as cloud computing or mobile banking, face expansive attack attempts from different agents on many levels (Hasan, & Al-Ramadan, 2021). The attackers target vulnerabilities that can be exploited to steal customer data, (Berdyugin, & Revenkov, P2019).
Since the introduction of Automatic teller cards (ATM) there are many online credit card frauds which are made when a customer use their credit card or debit card for any online payment , during these transactions normally hackers get information from the ATM cards (Omotosho et al., 2023).
Cyber attacks like phishing attacks are a social engineering technique that cyber criminals employ to influence a customer of a financial institution to reveal personal information, such as an email address, username, password, or financial information after this information is then used by the attacker to the disadvantage of the victim (Alabdan, 2020).
2.2 Internal cyber threats on the vulnerability of the banking sector
Banking industry mainly in developing countries are prone to high risks orchestrated by use sometimes of outdated software that is vulnerable to hackers, (Alzoubi et al., 2022). The hackers and other cyber criminals can exploit the gaps in the software when not for example, Bangladesh’s central bank succumbed to SWIFT hackers in 2016 and lost US$81 million (Gladstone, 2016).
Use of out-dated computer hardware’s , which can be easily compromised , more to that these old hardware’s are not compatible with the new existing software’s that could have the ability to prevent hacking (Alhayani, Abbas, Khutar, & Mohammed, 2021).
Lack of a well comprehensive policies regarding online transactions by the bank, Cybersecurity risk occurs because banks and other financial institutions are often unable to ensure an appropriate set of tools, technologies, training, and best practices to protect networks (Putrevu, & Mertzanis, 2024).
The use of software that have do not have strong verification capabilities exposes banks to cyber criminals , software which are vulnerable to viruses like a ransomware attack , this exposes the financial institution to cyber criminals for example.
2.3 User technical awareness on vulnerability of the banking sector
Some times employees in the organization with no technical skills may cause data breaches something that could expose the financial institution at risk of cyber attacks , like for examples a former employee of wells and fargo on December 31, 2021, e-mailed files containing private information from Well’s Fargo’s servers, this kind of practice exposes the financial institution on to cyber criminals who after accessing a customer sensitive data are able to access their bank accounts (Ibrahimnur, 2023).
The data breaches in the financial industry are extremely according to Verizon’s data breach investigation report (DBIR) places the financial industry in the top five for the number of security incidents in 2021. Access to valuable data that can be used in fraud and other cyberattacks makes the financial industry a target for expensive and damaging data breaches (Sipayung, Yanti, & Setya, 2022 ).
Banks whether in developed or developing country are all under constant threat by ransomware infections, phishing schemes, and account takeover attacks. These threats can result in data breaches, interruption to operations, and costly remediation (Hassan et al., 2023).
Technical knowledge among employees is essential since in the modern error Knowledge has become one of the most highly valued commodities in the modern economy, the knowledge of employees in managing the sensitive information and also in using the computer systems very well are important in protecting the bank from cyber criminals (Oloko, 2024).
CHAPTER THREE
METHODOLOGY
3.0 Introduction
This chapter presents the methodology which consists of the research design, area of study, study population, sample population and selection, sampling technique, data collection method, data quality control, data collection procedures and limitations of the study.
3.1 Research design
The study will use descriptive research design. The design will avail the researcher with comprehensive information about the research study as a way of getting solutions.
3.2 Area of the study
The study will be carried out at Head office of centenary bank, stanbic and pride microfinance banks.
3.2 Study population and sample size
The study will target, credit officers, management staff and top management in these banks.
3.3 Sampling techniques
The study will use simple random sampling technique to select respondents, while the purposive sampling technique will be used for selecting top management.
3.4 Data collection methods
Source of data will be from both primary and secondary sources.
3.5 Data Collection Instruments
The major instruments for data collection will be questionnaires and interview guide. The questionnaire will provide respondents with ample time to comprehend the questions raised and hence, they will be able to answer factually.
3.6 Data collection procedures
Upon receiving the University permission to carry out research, the area of study will be visited for purposes of familiarization.
3.7 Quality control of data instruments
The instrument will be taken to the supervisor to check its correctness there after pilot study will be carried out to find out if it measures what it is meant to for.
REFERENCES
adelmann, f., ergen, i., gaidosch, t., jenkinson, n., khiaonarong, m. t., morozova, a., … & wilson, c. (2020). cyber risk and financial stability: it’sa small world after all. international monetary fund.
adesuyi, d. (2020). a critical analysis of the legal framework relating to cybercrime in uganda (doctoral dissertation).
alabdan, r. (2020). phishing attacks survey: types, vectors, and technical approaches. future internet, 12(10), 168.
alhayani, b., abbas, s. t., khutar, d. z., & mohammed, h. j. (2021). best ways computation intelligent of face cyber attacks. materials today: proceedings, 26-31.
alzoubi, h. m., ghazal, t. m., hasan, m. k., alketbi, a., kamran, r., al-dmour, n. a., & islam, s. (2022, may). cyber security threats on digital banking. in 2022 1st international conference on ai in cybersecurity (icaic) (pp. 1-4). ieee.
berdyugin, a. a., & revenkov, p. v. (2019). approaches to measuring the risk of cyberattacks in remote banking services of russia. безопасность информационных технологий, 26(4), 83-92.
dziwisz, d. (2023). stuxnet. in the handbook of homeland security (pp. 289-293). crc press.
egerson, j. i., williams, m., aribigbola, a., okafor, m., & olaleye, a. (2024). cybersecurity strategies for protecting big data in business intelligence systems: implication for operational efficiency and profitability. world j. adv. res. rev, 23, 916-924.
gulyas, o., & kiss, g. (2023). impact of cyber-attacks on the financial institutions. procedia computer science, 219, 84-90.
hasan, m. f., & al-ramadan, n. s. (2021). cyber-attacks and cyber security readiness: iraqi private banks case. social science and humanities journal (sshj), 2312-2323.
hassan, s. w. u., kiran, s., gul, s., khatatbeh, i. n., & zainab, b. (2023). the perception of accountants/auditors on the role of corporate governance and information technology in fraud detection and prevention. journal of financial reporting and accounting
ibrahimnur, a. a. (2023). impact of cybercrime on the finance sector: a case of banks in nairobi county, kenya (2008-2022) (doctoral dissertation, university of nairobi).
kraken, j. (2019). analysis of malware-the morris worm.
morrison, b. a., coventry, l., & briggs, p. (2020). technological change in the retirement transition and the implications for cybersecurity vulnerability in older adults. frontiers in psychology, 11, 623.
natalucci, f., qureshi, m. s., & suntheim, f. (2024). rising cyber threats pose serious concerns for financial stability. international monetary fund.
oloko, e. (2024). auditors’ perceptions and experiences regarding internal controls mitigating employee fraud in businesses (doctoral dissertation, capella university).
omotosho, o., aroyehun, a., ogunwale, y., lala, o., & onamade, o. (2023). design and implementation of multifactor authentication in curbing automated teller machine cybercrime. information technology, 2(2).
putrevu, j., & mertzanis, c. (2024). the adoption of digital payments in emerging economies: challenges and policy responses. digital policy, regulation and governance, 26(5), 476-500.
putrevu, j., & mertzanis, c. (2024). the adoption of digital payments in emerging economies: challenges and policy responses. digital policy, regulation and governance, 26(5), 476-500.
sipayung, e. s. n., yanti, h. b., & setya, a. b. (2022, december). impact of anti-fraud awareness, fraud detection procedures, and technology to fraud detection skill. in 3rd borobudur international symposium on humanities and social science 2021 (bis-hss 2021) (pp. 783-787). atlantis press.
Dear respondent
I am AMY AMINA ITOGOT a student , am carrying out a study on “ cyber security challenges in Uganda’s banking sector: an investigation into the causes of cyber attacks” the information given shall be treated with utmost confidentiality and shall only be used strictly for academic purpose, I kindly request for your participation in this study by answering the questionnaires.
BIO DATA OF RESPODENTS
SECTION A:
- Gender: Male female
- Age a) 18 -29 b) 30 – 39 c) 40 and above
- Educational level
Master’s degree Bachelor’s degree diploma others
- In what capacity are you this bank ?
- Finance b) credit c) Senior management
d)T op management
- For how long have you been working with this bank?
- less than 2 years c) 6-10 years
- 3-5 year d) 11 years and above
SECTION B: 1 External cyber threat in the banking sector
This section presents External cyber threats in the banking sector
Key: SA=strongly agree, A=agree, N=neutral, D=disagree, SD=strongly disagree
Tick in the box where appropriate.
Please mention other External cyber threats in the banking sector?
……………………………………………………………………………………………………………………………………………………………………………………………………
Please tick one appropriate.
SECTION C: Internal cyber threats on the vulnerability of the banking sector
This section presents internal cyber threats on the vulnerability of the banking sector
Key: SA=strongly agree, A=agree, N=neutral, D=disagree, SD=strongly disagree
SECTION D: User technical awareness on vulnerability of the banking sector
This section presents User technical awareness on vulnerability of the banking sector
Key: SA=strongly agree, A=agree, N=neutral, D=disagree, SD=strongly disagree
| User technical awareness on vulnerability of the banking sector
|
Response | ||||
| SA |
A |
N |
D |
SD | |
| Employees computer usage is regularly supervised | |||||
| Employees are allowed to share passwords | |||||
| Employees can go with the organization’s computers to their homes | |||||
| Employees are trained on how to use the organization online platforms | |||||
| Employee training is done to ensure that they align to company policies | |||||
