Speaker Interview- Adeoluwa Akomolafe

HOME / Speaker Interview- Adeoluwa Akomolafe

Adeoluwa Akomolafe is the current Chief Information Security Officer & Assistant GM at Wema Bank Plc.

His wealth of experience spans over 20 years cumulatively.

Adeoluwa Akomolafe will be speaking live at Finnovex West Africa Summit.

Please have a look at his view on our upcoming Leading Summit on Financial Services Innovation and Excellence held from 26th – 27th October 2021.Visit wa.finovex.com for more information.



Q- What approaches can Banks utilise in changing the outlook of cyber warfare within the West African Region?

Cybersecurity strategies have to change from being reactive to proactive; we need to be able to in a way “anticipate” cyber breaches; this might sound far-fetched but due to Digital transformation, security solutions/Technology have also reacted. Defenses can be boosted by implementing intelligence-driven measures, such as the use of artificial intelligence (AI), already applied in strengthening authentication methods via biometric logins for multi-factor authentication (MFA). Fraud monitoring tools these days are AI and Machine Learning (ML) based. There is improved technology in the user behavioural monitoring space which makes it possible to proactively stop fraudulent transactions. We also need to be proactive in testing our cyber defenses via Vulnerability and penetration tests; this ensures we deal with weaknesses in our infrastructure before they are exploited by fraudsters.



Q-The “New Normal” has led to the adoption of the technological way of life, how can Cybersecurity consciousness be instilled among staff members?

Training and awareness cannot be over emphasized and the best approach to this training is to bring it alive; what do I mean by this? We need to relate cybersecurity training to daily life activities; How do we secure social media accounts, how do we secure our home, cars, phones etc. When we are able to relate that to the work environment then staff members understand better and it becomes a part of them.

When cyber security training/awareness gets too technical it loses the non-technical audience. Staff MUST be able to relate to the content and message. Continuous Training and awareness is the key. When you start a work-from-home system, your staff’s home becomes part of your enterprise and apart from the technology you will deploy to ensure security they must be aware of their responsibilities.



Q- Can you highlight some evolving legal and regulatory context guiding the West African Fintech Space?

From a Nigerian perspective one major legal and regulatory context in the last two years is the launch of the NDPR (Nigeria Data Protection Regulation), as the saying goes; Data is the new Oil and its essential organizations and their customers understand their responsibilities and limitations when it comes to handling data. This has created awareness around Data especially in the FI sector as compliance has been made mandatory.



Q-Is there any specific training to stir up the awareness and adaptation to new threats that you would recommend to organisations?

There are several training programs available to organizations, I will advise HR learning teams consult their subject matter experts (CISO, CIOs) internally that can advise on the best approach. I will not want to mention any specific training so I am not seeing as endorsing any as the preferred approach/option.



Q- Bearing in mind that there is an inherent fear of people losing their jobs to “bots”, do you think automation is a more viable alternative to addressing the cyber skills shortage in the industry?

A recent article by Kenna Security’s Chief Data Scientist, Michael Roytman, explains the issue perfectly. “We don’t have a workforce shortage problem,” he says. “What we have is an automation-in-the-wrong-place problem.” For e.g. in the vulnerability management space, he argues that risk-based, data-driven approaches can overcome any skills shortages that organisations may have by focusing efforts on the bugs most likely to be exploited.

This same logic can be applied to other areas “The key is to find tools, datasets, and statistical methodologies that can help you separate the signal from the noise. The right tools will help you quantify risk and apply that analysis to prioritise the actions that get the most meaningful results.”

In summary; automation deployed intelligently can help with cyber skills shortage but not eliminate it in its entirety.



Q-. Can you state 5 crucial steps for successfully developing technical infrastructure that would be more resilient to new cyber threats?

Several industry articles have provided different ways to ensure secure infrastructure, and I will just list 5:

  1. Run a Network Security Audit
  2. Conduct Security Awareness Training
  3. Limit User Access Privileges to the Minimum Necessary for Work
  4. Have a mature Patch Management program
  5. Review security tools to ensure the right tools are deployed to mitigate cyber risks



Q-. Describe how the face of Cyber Warfare has changed with the West African Region in 3 words?

This is a tough question, not sure I can manage in 3 words - “Ransomware, Phishing, DDOS”.