Home News MAS advisory panel urges financial institutions to review security controls amid COVID-19

MAS advisory panel urges financial institutions to review security controls amid COVID-19

The Panel shared its insights on cyber risks in the new operating environment and made several recommendations

Author

Date

Category

- Advertisement -

The Monetary Authority of Singapore (MAS)’s Cyber Security Advisory Panel (CSAP) stressed the need for financial institutions (FIs) to review their security controls given the elevated technology-related risks arising from remote working and safe management measures due to the COVID-19 pandemic.

At its fourth annual meeting with MAS management on 5 November 2020, the Panel shared its insights on cyber risks in the new operating environment and made several recommendations. The key recommendations from the CSAP meeting include:

  • Reviewing risk profiles and adequacy of risk mitigating measures.

The Panel discussed the risks and vulnerabilities arising from the rapid adoption of remote access technologies and work processes that could affect FIs’ cyber risk profiles. The meeting highlighted the need for FIs to assess if their existing risk profiles have changed and remain acceptable. This is to ensure that in the long run appropriate controls are implemented to mitigate any new risks.

  • Maintaining oversight of third-party vendors and their controls.

With the increased reliance on third-party vendors, the Panel emphasised the need for FIs
to step up their oversight of these counterparts and to monitor and secure remote access by third-partiesto FIs’ systems. This is even more important during the COVID-19 pandemic where remote working has become pervasive.

  • Strengthening governance over the use of open-source software (OSS).
- Advertisement -

Vulnerabilities in OSS are typically targeted and exploited by threat actors. The Panel recommended that FIs establish policies and procedures on the use of OSS and to ensure these codes are robustly reviewed and tested before they are deployed in the FIs’ IT environment.

Mr Ravi Menon, MAS’ Managing Director who chaired the CSAP meeting, said, “Singapore’s financial sector has done well so far in its cyber and operational resilience amid the new operating environment created by the pandemic. But as the situation prolongs, that resilience will come under greater stress as cyber attackers look for new vulnerabilities.

“Financial institutions must remain alert and nimble and strengthen their defences against emerging cyber threats. CSAP members have provided useful recommendations on maintaining cyber security against the backdrop of growing reliance on remote working arrangements and cloud service providers.”

Over two days of virtual meetings, the Panel also exchanged views with the Association of Banks in Singapore Standing Committee on Cyber Security (SCCS) and the Insurance SCCS on enhancing cloud resiliency, monitoring insider threats, and the role of cyber insurance in risk management.

Participants included representatives from government agencies such as Ministry of Communications and Information, Ministry of Defence, and Government Technology Agency.

Send in your scoop to news@theindependent.sg 

- Advertisement -

Man attacks teen, calls him a virus, damages his phone

Singapore—A sudden attack took a teen by surprise when one man started yelling at him, physically harming him, and throwing his phone into a nearby drain at around 10.30pm on Tuesday (Feb 23) on a section of the road near the...

3 migrant workers die after 10 injured in Tuas industrial building blast

Singapore – Three of the 10 workers injured in an explosion at an industrial building in Tuas on Wednesday (Feb 24) died on Thursday. The Singapore Civil Defence Force (SCDF) responded to a fire at No. 32E Tuas Avenue 11 at around...

Film producer says Myanmar maid called her family, wanting to go home, two weeks before she died

A video producer who visited the family of Piang Ngaih Don, the Myanmar maid beaten and starved to death by her employers in 2016, says Ms Piang somehow managed to call her family just two weeks before she died. She told...

Send in your scoop to news@theindependent.sg 

Theindependent