Strengthening Fintech Security in Uganda: An Analysis of Insider Threats and Effective Risk Management Strategies
DOI:
https://doi.org/10.47604/ijts.2783Keywords:
Insider Threats, Risk Management Framework, Fintech Banking, Finance, SecurityAbstract
Purpose: The purpose of this study is to analyze security policies and risk management practices for reducing insider threats in the Fintech industry in Uganda. The study aims to classify and identify insider threats, examine how they relate to risk management procedures, and offer practical recommendations for improving Fintech companies’ security measures.
Methodology: The study adopted a descriptive research design, focusing on diverse respondents across various sectors. Data was collected through surveys from 25 respondents, including IT security specialists, accountants, finance officers, and other relevant roles. The sectors represented included Banking and Finance (52%), Security (12%), Information Technology and Telecommunications (8% each), and others such as Agriculture, Civil Society, and Public Service (each 4%). The study employed both qualitative and quantitative data collection methods, with secondary data reviewed from existing literature and case studies. Statistical analysis was conducted using SPSS to interpret the data and identify trends in insider threat occurrences and risk management practices.
Findings: The study revealed that insider threats in Uganda's Fintech sector can manifest in both physical and cyber forms. The predominant risk management practices identified include proactive measures such as robust security policies, access controls utilized by 88% of respondents, security awareness training by 80%, and continuous monitoring by 68%. Incident response and reporting procedures were also critical, ensuring that breaches are swiftly addressed to minimize impact. There was a significant positive correlation (r = .65; p < 0.05) between the frequency of past insider attacks and the regularity of risk assessments, underscoring the importance of regular evaluations in mitigating risks.
Unique Contribution to Theory, Practice and Policy: The study contributes to the theoretical understanding of how local cultural attitudes and regulatory frameworks impact effectiveness of risk management strategies, providing insights that can inform RMF adaptations in similar contexts. For practitioners, it recommends development and implementation of robust security policies, employee training programs, and advanced monitoring systems. Policy-makers are advised to support regulatory frameworks that mandate regular risk assessments and the adoption of best Fintech practices.
Downloads
References
Alahmadi, B. A., Legg, P. A., & Nurse, J. R. C. (2015). Using Internet Activity Profiling for Insider-threat Detection. Paper presented at the International Conference on Enterprise Information Systems.
Alissa Irei, S. S. (2023). What is incident response? Plans, teams and tools. Retrieved from https://www.techtarget.com/searchsecurity/definition/incident-response
Al-Qurishi, M., & Abad, A. M. (2021). Insider threats in organizational environments: A systematic review. Journal of Information Security and Applications, 63, 102550.
Arim, A., & Wamema, J. (2023). Towards an improved framework for E-risk management for digital financial services (DFS) in Ugandan banks: A case of Bank of Africa (Uganda) Limited. Journal of Information and Organizational Sciences, 46(1), 103-127. https://doi.org/10.31341/jios.46.1.6
Bishop, M., & Gates, C. (2019). Defining the insider threat. Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research, Article No. 15, 1-3. ACM.
CISA. (2023). Defining Insider Threats. Retrieved from https://www.cisa.gov/topics/physical-security/insider-threat-mitigation/defining-insider-threats
Deloitte. (2022). Study on the state of Uganda’s Fintech Industry.
Duncan, A. J., Creese, S., & Goldsmith, M. (2015). An overview of insider attacks in cloud computing. Concurrency Computation: Practice Experience, 27, 2964 - 2981.
Holmes, A. E. (2021). Exploring the challenges of the Risk Management Framework implementation for cybersecurity professionals (Doctoral dissertation, Northcentral University).
Hunker, J., & Probst, C. W. (2011). Insiders and Insider Threats-An Overview of Definitions and Mitigation Techniques. J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl., 2(1), 4-27.
J., & Lee, D. (2020). An integrative framework for managing insider threats: Linking risk management practices and insider threat management approaches. Computers & Security, 96, 101981
Lee, J., & Lee, Y. (2020). Understanding the Complementary Role of Risk Management in Insider Threat Mitigation. Journal of Cybersecurity Management, 12(3), 45-59.
Liu, L., De Vel, O., Han, Q. L., Zhang, J., & Xiang, Y. (2018). Detecting and preventing cyber insider threats: A survey. IEEE Communications Surveys & Tutorials, 20(2), 1397-1417. https://doi.org/10.1109/COMST.2018.2800740
Makeri, Y. A., Asiimwe, J. P., & Ngugi, H. N. (2021). Cyber security awareness among Ugandan university lecturers: Challenging factors influencing change. Journal of Applied Sciences, Information and Computing, 2(2). Kampala International University. https://jasic.kiu.ac.ug
Malaika, A. K. M. (2021). IMF Working PaperMonetary and Capital Markets Department and Information Technology Department; Central Bank Risk Management, Fintech and Cyber
NIST. 2010. NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. National Institute of Standards and Technology, February 2010. http://www.nist.gov/manuscript-publicationsearch.cfm?pub_id=904985.
Rowan, P., Garvey, K., Zhang, B., Soriano, M., Umer, Z., Cloud, K., Cracknell, D., Singh, A., Kutosi, S., & Ahimbisibwe, D. (2018). FinTech in Uganda: Implications For Regulation. ERPN: Regulation (Topic). https://doi.org/10.2139/ssrn.3621272.
Saxena, N., Hayes, E., Bertino, E., Ojo, P., Choo, K.-K. R., & Burnap, P. (2020). Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses. Electronics, 9(9), 1460. doi:10.3390/electronics9091460
Varga, S., Brynielsson, J., & Franke, U. (2021). Cyber-threat perception and risk management in the Swedish financial sector. Computers & Security, 105, 102239. doi:https://doi.org/10.1016/j.cose.2021.102239
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Mackenzie Deborah, Sam Njunwamukama
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution (CC-BY) 4.0 License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.