Architecting cyber security for Uganda’s Fintech sector

According to a 2022 study by Deloitte, Uganda’s fintech ecosystem is thriving due to high skills availability, growing digital literacy, and the need for alternative financial inclusion models.

By Michael Mukasa

Uganda is currently one of the leaders in digital economic contributions in Africa at 7% with a significant evolution and innovation within the fintech sector.

According to a 2022 study by Deloitte, Uganda’s fintech ecosystem is thriving due to high skills availability, growing digital literacy, and the need for alternative financial inclusion models.

The sector is filling gaps and providing much-needed services to citizens in the country, which is reflected in its total transaction value of $10.57 million in 2023.

It's a thriving space that shows rich potential, but not just for investors and the Ugandan economy – cybercriminals also want a piece of the financial digital pie.

In October 2020, the Ugandan telecoms and banking sectors were seriously affected by a successful hack on the mobile money network in the country that resulted in expensive downtime and the theft of $3.2 million.

Ransomware, phishing, fraud, and user error are the most common causes of cyber breaches, and, cyberattacks are only increasing in sophistication.

Alongside a surge in innovation and ingenuity around fintech solutions and capability is an equal rise in cyberattack methods and vectors, putting Fintechs under pressure to protect data, remain compliant and stay secure.

It goes without saying that the fintech sector must prioritise cyber security, adopt robust governance, and risk management frameworks to safeguard itself against evolving online security threats.

The Bank of Uganda (BOU), National Information Technology Authority (NITA), DOP, and Financial Intelligence Authority (FIA) have all set specific standards for fintechs and expect them to adopt a certain security posture to remain compliant.

To ensure this happens, a key player who understands the risks and can provide the right solutions, along with resilient and scalable infrastructure, is needed.

Liquid Intelligent Technologies’ steadily growing pan-African telecommunication network, which includes satellite connectivity, subsea links, and our cross-continent terrestrial fibre network, make it the largest independent network of its kind in Africa.

This in turn enhances our ability to deliver cyber security, data centres, and cloud services, amongst others, to our fintech and other customers.

Most Fintechs have invested in foundational security elements such as perimeter security, endpoint security, identity and access management, and other essential security solutions required by an organisation living in the digital realm.

However, more customised security implementations are recommended that align with the need to protect against a very targeted threat.

Unfortunately, there are some challenges that the sector faces when it comes to implementing and maintaining the right levels of security, and the first is one experienced globally – skills and the lack of it.

Employees that have experience in cyber security are scarce, and those that have the skills are highly sought after.

The evolving threat landscape has driven demand for skills across all sectors, and the lack is inhibiting companies’ ability to effectively manage the threats. Another challenge is the cost of setting up and managing robust security.

Fraud detection and prevention systems can cost more than $50,000 per year, and added to this bill is the approximate $20,000 price tag for vulnerability assessments and ongoing maintenance.

Perhaps, however, one of the most complex challenges is human error. Most successful cyber-attacks result from a lack of education about how to recognise phishing links and emails.

The attackers are becoming more sophisticated, while users are more stressed and distracted. To minimise cyberthreats and attacks, companies need to collaborate with regulators, stakeholders, other fintechs, and specialist cyber security providers to ensure cyber security becomes a shared priority.

This will enable the growth of an ecosystem that fosters the development of solutions and resources that keep everyone cyber-safe.

The good news is that expert advice and solutions are available to Ugandan fintechs looking to ensure that their cyber security is up to scratch.

Liquid Intelligent Technologies can provide a 360 assessment of a fintech’s cyber security requirements and suggest and implement customised solutions.

We work hand-in-hand with our customers to ensure that their concerns are addressed.

Collaborative approaches, shared insights, and investment in a security partner is a solid route to changing the dynamic and providing the fintech with the support it needs to thrive despite the evolving threats.

Finally, and perhaps most importantly, smaller fintechs must step away from the belief that ‘small means safe’ – this is no longer true, and a successful hack can potentially result in the closure of a business.

___________________________________________________

Mr Michael Mukasa is the Chief Executive Officer, Liquid Intelligent Technologies Uganda