Print this page
Tuesday, 22 March 2016 07:48

Police launches investigation on Bank of Uganda ugx27b fraud

Written by
Rate this item
(1 Vote)

On 11/03/2016, it was reported that Bank of Uganda (BOU) is under investigation to determine circumstances under which Ugx27billion was transferred to offshore accounts in Hong Kong and United Arab Emirates (UAE). This comes as the forth of four failed attempts by cyber criminals to retrieve a total of Ugx81billion from Bank of Uganda over the past 10 months since July 2015. In the report released by the Daily Monitor, hackers, middlemen and Ugandan bureaucrats are conniving to implement the thefts with major focus being placed on accounts with high budgets for instance The Defence, Energy and Agriculture ministries and Uganda National Revenue Authority.The first of these attempts is said to have occurred in July 2015 targeting Ugx40billion and the culprits re-emerged in December 2015 to steal Ugx6.7billion and then a month later to steal Ugx8billion and more recently on February 26, 2016 where Ugx27billion was targeted.

While all the money is said to have been recovered through the inter-bank procedure, sources familiar with these cases believe that there is a complex web of foreign-based IT-savvy individuals who are working with government officials that avail them with passwords and profile accounts with huge amounts of money to ease the theft. A case such as this creates a bad reputation not only for the central bank but also for foreign investors who may question the strength and integrity of the country’s financial system. However, Ministry of Finance Permanent Secretary Keith Muhakanizi assures the general public that these occurrences will be no more due to the strength of their Integrated Financial Management System of payment which is difficult to penetrate as evidenced by the failure of the past attempts.

In light of these events, it’s important that Ugandans in all sectors of the economy have a clear understanding of cyber threats due to advancement in technology, innovation and digital networks which all render time and distance irrelevant resulting into an always connected society. More so, the increased consumption of Information and Communications Technology has become part and parcel of the way we live, work and interact.

The following precautions are therefore recommended to ensure we are able to counteract the incidence and impact of cyber threats;

  1. The Executive management should obtain a clear understanding of cyber security and what impact it has on their business processes. This will enable such companies to have an understanding of any cyber threat from the highest level rather than leaving it only for the IT department.
  2. Ensure there is a strong team of people with a proven track record of skills and knowledge on the wide range of cyber threats because they have a clear understanding of risks facing the organization and they know how best to handle them.
  3. Focus more on strategies and policies that manage the risk of insider involvement in cyber-attacks since the reputation of an organization may be prime target. Effective response mechanisms to such threats should also be installed.
  4. Install security in ICT systems in order to protect highly sensitive data whose leakage may cause reputational damage either to the organization itself or its clients. This is because organizations continuously collect a lot of information that gives them a comparative advantage over other businesses and this information may be prime target for cyber criminals with malicious intent.
  5. Involving a third party in solving a cyber threat of the organization may be risky because the confidentiality and integrity for company information assets cannot be guaranteed.
  6. Members of cyber security teams should regularly seek to acquire more knowledge and skills about cyber-attacks in order to stay abreast with the latest information and to protect sensitive and critical information infrastructure since the level of sophiscation of cyber-attacks is advanced, stealth and persistent.
  7. Due to the increased use personal devices such as smart phones and laptops for official work, there is high rate of information exposure and yet cyber security teams focus more on official systems and equipment. Therefore, there is need to monitor the use of personal devices within the work space because cyber-attacks are now focusing on use of such devices to get access to corporate information.
Read 1909 times Last modified on Tuesday, 22 March 2016 08:05
Bridget Ingabire