Interview

February 4, 2025

How financial institutions can strengthen cybersecurity, compliance against evolving threats – Jooda

How financial institutions can strengthen cybersecurity, compliance against evolving threats – Jooda

By Elizabeth Osayande

In today’s digital era, financial institutions are prime targets for cybercriminals due to the sensitive nature of the data they handle. From online banking transactions to cloud-based financial services, the increasing reliance on technology has expanded the attack surface, making cybersecurity and regulatory compliance more critical than ever. As cyber threats continue to evolve, financial institutions must adopt robust security frameworks to safeguard their infrastructure, protect customer data, and ensure regulatory compliance.

The above is the notion of cybersecurity and information security governance expert Tope Oladele Jooda. Jooda has over 15 years of experience in financial security, risk management, and regulatory compliance, specialises in ISO 27001 – Information Security Management System, ISMS, PCI DSS – Payment Card Industry Data Security Standard, and SOC 2 compliance, helping financial institutions strengthen their cyber resilience, data protection, and risk mitigation strategies.

Bio of Jooda
Tope Oladele Jooda, Head of Security Compliance & Governance in a Tier 1 bank in Nigeria, leads strategic initiatives in cybersecurity risk assessments, business continuity planning (ISO 22301), and IT governance. Before this, he held key cybersecurity consulting roles at Phillips Consulting, where he successfully managed ISO certification audits, security framework implementation, and compliance programs for top-tier banks, financial institutions, and FinTech companies across Africa.

Beyond his organisational role, he is a recognised cybersecurity thought leader and mentor, actively contributing to the advancement of financial security, digital transformation, and regulatory compliance in the global banking sector. He has trained over 700 professionals, led cybersecurity awareness initiatives that have improved security culture across multiple industries and has been instrumental in shaping cybersecurity policies that enhance fraud prevention, data protection, and regulatory adherence.
His expertise has been sought after by regulatory bodies, financial institutions, and technology firms to develop cyber resilience strategies, risk management frameworks, and security compliance programs.

Jooda has also served as a judge for international cybersecurity and innovation awards, recognizing groundbreaking advancements in digital security, financial technology, and enterprise risk management.
With a passion for strengthening cybersecurity best practices, mentoring the next generation of security professionals, and influencing policy development. Jooda continues to drive impactful change in the financial sector and beyond.

In an exclusive interview with Vanguard, the cybersecurity financial expert shares some nuggets on how financial institutions can stem the menace of evolving threats in the sector.

Excerpt

What are the growing cybersecurity threats landscape? Landscape?

Cyberattacks on financial institutions have become more sophisticated and frequent, posing significant risks to data privacy and financial stability. According to industry reports, cyber incidents such as ransomware attacks, phishing scams, data breaches, and insider threats cost the global banking sector billions of dollars annually. With emerging threats like AI-driven cyberattacks and supply chain vulnerabilities, financial organizations must proactively strengthen their cybersecurity posture to mitigate risks.

What best practices for cybersecurity and compliance can financial institutions put in place?

To effectively combat cybersecurity threats, financial institutions should implement globally recognized security and compliance frameworks that provide structured approaches to risk management, data protection, and regulatory adherence. These include:
Implementing ISO 27001 for information security management. The International Organization for Standardisation (ISO) 27001 is a globally accepted framework that helps financial institutions establish, implement, maintain, and continuously improve an Information Security Management System (ISMS). Compliance with ISO 27001 ensures that organisations: Identify and mitigate security risks through continuous monitoring; Establish policies and procedures for data protection; conduct regular security audits and risk assessments; and improve resilience against cyberattacks.

The second is strengthening payment security with PCI DSS compliance. The Payment Card Industry Data Security Standard (PCI DSS) is essential for financial institutions and businesses handling card transactions. Compliance with PCI DSS ensures the protection of cardholder data by implementing stringent security controls such as Encryption and tokenization to secure payment data, Multi-factor authentication (MFA) to prevent unauthorized access, Regular vulnerability scans and penetration testing to identify weaknesses, and Strict access control policies to limit exposure to sensitive information.

The third one is enhancing risk management with SOC 2 and ISO 31000. The Service Organization Control Type 2 (SOC 2) standard focuses on the secure management of customer data. It ensures that third-party service providers, cloud platforms, and financial technology (FinTech) firms adhere to best practices in data protection, security monitoring, and compliance.

Additionally, ISO 31000 – Risk management framework helps financial institutions adopt structured approaches to identifying, assessing, and mitigating risks associated with cyber threats, fraud, and regulatory non-compliance.

What is the role of business continuity in cyber sesilience?

Cyber resilience is incomplete without business continuity planning (BCP). Financial institutions must prepare for cyber disruptions, system failures, and data breaches by implementing: ISO 22301 – Business Continuity Management System (BCMS) to ensure minimal downtime in case of cyber incidents; Disaster recovery plans to restore operations efficiently after an attack; and incident response frameworks to address cyber breaches swiftly.

Can you provide case studies of how financial institutions are strengthening cybersecurity?

Global financial institutions have successfully enhanced their cybersecurity frameworks through the adoption of these best practices. For example, a Tier 1 Nigerian bank implemented ISO 27001 and reduced unauthorized access incidents by 70% in one year.
Another one is a leading payment processing company that achieved PCI DSS certification, significantly lowering fraud-related chargebacks. We also have a multinational financial firm that leveraged SOC 2 compliance to build customer trust and expand its cloud-based banking services.

Your advice for better proactive cybersecurity measures

As cyber threats continue to evolve, financial institutions must stay ahead of attackers by implementing strong cybersecurity policies, regulatory compliance frameworks, and proactive risk management strategies. Adopting standards such as ISO 27001, PCI DSS, SOC 2, and ISO 22301 will not only enhance security but also build customer trust and safeguard financial assets.

With increasing regulatory scrutiny and the financial impact of cyber incidents, the urgency to strengthen cybersecurity resilience has never been greater. Financial institutions must prioritize cybersecurity investment, employee training, and compliance with global security frameworks to ensure a secure and trustworthy financial ecosystem.

Exit mobile version