MASERU – The Central Bank of Lesotho (CBL) is now on top of the game after successfully overcoming the cyberattacks it has been battling over the past three weeks. In a recent statement, the CBL declared that it has fully recovered and restored its payment system services, as of December 22, 2023. The bank had suffered a cybersecurity breach and following the incident, it had to shut down its network and systems, including the national payment systems, in order to invoke the recovery protocols.
“The Bank wishes to thank the Bankers Association of Lesotho (BAL) for ensuring that inter-bank payments did not come to a complete halt. The Bank gratefully acknowledges the endeavours of all banks of working harder, going beyond their normal modes, to ensure the continuity of payment services,” CBL highlighted.
The terror attack seriously set back the nation’s entire business sector, while individuals’ shopping plans for the festive season were severely compromised. This cyberattack caused significant disruptions in the banking system, resulting in delays and manual operations for banks, thus, made the current festive season particularly challenging for many families, as they are unable to access their funds. As a result, most people are still struggling financially and are unable to prepare for the festivities as they normally would.
For a week the banking sector in Lesotho came to a halt as various services, including money transfers, were temporarily suspended due to cyber-attacks on the national payment system of the Central Bank of Lesotho (CBL) on December 11. Earlier, CBL stated that the bank experienced a cyber-security attack, which forced the suspension on some of its systems to prevent further infiltration.
In a joint statement released on Wednesday last week, the Bankers Association of Lesotho (BAL) and the Central Bank of Lesotho (CBL) addressed the issue of the National Payments System Downtime, acknowledging its impact on inter-bank transactions within the country.
“These are payments and transactions that would normally flow from one bank to another,” the statement noted. It also stated that technical teams from the Central Bank of Lesotho as the regulator and the banking industry as a whole were working tirelessly to resolve the breach and the nation would be notified as soon as the system is back in operation.
Both businesses and individuals expressed concerns over the prolonged duration of interbank payments. Cyberattacks have become common in the banking sector globally. In November, National News reported that the biggest bank in China ICBC was hit by a cyber-attack, the incident, which forced the Chinese lender to use USB sticks to carry out trade. The breach is believed to have been carried out by Ransomware Group Lockbit which is becoming more frequent and sophisticated, and financial services organizations are prime targets for cybercriminals.
The attack, which was first reported by the Financial Times, was launched against Beijing-based ICBC’s financial services unit and is suspected to have been carried out by underground organisation LockBit, one of the active ransomware groups globally, Bloomberg reported, citing sources.
ICBC Financial Services confirmed the attack on its website, saying it had “resulted in disruption to certain FS (financial services) systems”.
It is, however, reported that cybersecurity is the highest priority for banks as 71 percent of financial service leaders expect to increase their spending in cybersecurity solutions this year alone, while banks now more than ever have been experiencing an alarming increase in cyberattacks and scams during the pandemic.
In 2022, the average cost of a data breach for US companies reached US$9.44 million which is equivalent to M175 395 200, surpassing the previous year’s figure of US$9.05 million, which is equivalent to M168 272 985.
The financial services sector, with its growing reliance on digital platforms and the surge in electronic transactions, is particularly vulnerable to cyber threats.