Singapore Publishes Updated Banking Cybersecurity Guidelines
Monetary Authority Offers Detailed Recommendations
The Monetary Authority of Singapore has published a revised set of guidelines for technology risk management to help the country's financial institutions mitigate cybersecurity threats.
The revised guidelines, released this week, are designed to assist banks, payment services companies, trading firms and insurance companies in developing enhanced risk mitigation strategies. The Monetary Authority, the nation’s central bank, also is calling on these organizations to share threat intelligence and conduct stress testing of their cyber defenses.
The guidelines, which are recommended best practices, describe how to mitigate potential threats associated with the increased use of cloud technologies, application programming interfaces and rapid software development. They also outline how to mitigate risks arising from third-party service providers. And they spell out the responsibilities of the board of directors and senior management in helping mitigate cyber risks.
The release of the guidelines comes as organizations continue to cope with the SolarWinds supply chain hack (see: Free Auditing Tool Helps Detect SolarWinds Hackers' Malware).
"The recent spate of cyberattacks on supply chains, which targeted multiple IT service providers through the exploitation of widely used network management software, is a clear indication of a worsening cyberthreat environment," the Monetary Authority says.
Risk Mitigation Strategy
The guidelines recommend that financial institutions enhance their risk mitigation strategies by developing a process for sharing cyberthreat intelligence within their organization.
Financial institutions should regularly conduct stress tests to analyze their cyber defenses by simulating the attack tactics, techniques and procedures that attackers use, the guidelines point out.
"Interconnected financial ecosystems can be compromised to carry out fraudulent financial transactions, exfiltrate sensitive financial data or disrupt IT systems that support financial services," the guidelines note. "Hence, each FI should seek to understand their exposure to technology risks and put in place a robust risk management framework to ensure IT and cyber resilience."
Following a spate of data breaches in 2018, the Singapore Monetary Authority has taken a series of steps to strengthen the financial sector’s cybersecurity.
In 2018, the authority mandated financial institutions implement six security measures to better guard against cyberattacks. These included regularly updating software, establishing robust security for systems and connections, installing antivirus software, restricting the use of system administrator accounts and strengthening the authentication for these accounts (see: Security Requirements for Singapore Banks Proposed).
In September 2019, Singapore's Personal Data Protection Commission made it illegal for organizations to gather and hoard citizens' National Registration Identity Card numbers unless it is required by law or the individual has given permission (see: Singapore Adopts Stricter ID Collection Rules).
In November 2020, the Monetary Authority introduced the use of enhanced identity verification during mobile and online banking transactions to combat rising impersonation and identity theft (see: Singapore Looks to Enhance Banking ID Verification).