ABJ held “Cybersecurity Management” workshop its headquarters on Tuesday, August 31, 2021, in which a large number of chairmen, members of boards of directors, general managers and officials of member banks participated. The workshop was held face-to-face and via Zoom video call technology at the same time.
The workshop is significant as cybersecurity is a major topic locally and internationally in light of the competition that banks face globally in providing banking services and digital work for which cybersecurity is one of its main requirements.
Mr. Nader Qahoush, who is a banking expert specializing in governance, risk management, information security, control and auditing spoke about the nature of cybersecurity referring to the size of losses suffered by global institutions that exceeded their total in one year such as in 2016 the GDP of a country like Denmark, and this comes according to disclosures and studies of the International Economic Forum. Mr. Qahoush also touched on bank, boards of directors as well as senior executive management representatives with regard the management and governance of cybersecurity and information technology in accordance with accepted global practices and the Central Bank of Jordan instructions in this regard. He also talked about risk management, monitoring and evaluation mechanisms, building cybersecurity risk records, assessing the level of maturity, auditing and oversight on cybersecurity issues as well as presenting the global and local regulatory, legislative and supervisory frameworks for cybersecurity noting the need to follow the approach of exchanging and sharing data and information of cyber-attack among banks as this has an effective impact in limiting the amount of possible losses and counteract a cyber-attack.
Mr. Qahoush added that the conversation today has moved from cybersecurity to cyber resilience at the local and international sectoral and financial levels and not only at the institutional level noting that cyber resilience is defined as the ability to anticipate a cyber-attack before it occurs in addition to the ability to withstand and absorb the attack impact and then recover and maintain the institution’s sustainability during and after the attack.
Mr. Qahosh reviewed the mechanisms used by hackers, whether individuals or institutions, in the cyber-attack and also touched on the advanced cyber-attack of a persistent nature (APT) noting that the hacker does not target the victim only in the short term but rather goes beyond to medium and long term. The hacker may adopt a long-term strategic plan to destroy the organization by planting human agents in the form of hackers, so it is wise not to underestimate the importance of the recruitment and promotion procedures so they are based on foundations and controls guaranteeing integrity and transparency.
Mr. Qahoush stressed that cyber resilience includes the human element and operating mechanisms in addition to information technology not just the technical aspect that expresses cybersecurity.
The workshop held a high level of interaction by the attendees and included many discussions and exchange of views in addition to allocating a part for the attendees’ questions and answer them by the lecturer.