MAS recommends FIs review security controls amidst COVID-19
By Edil Corneille
The Monetary Authority of Singapore (MAS)’s Cyber Security Advisory Panel (CSAP) stressed the need for financial institutions (FIs) to review their security controls given the elevated technology-related risks arising from remote working and safe management measures due to the COVID-19 pandemic. The panel shared its insights on cyber risks in the new operating environment and made recommendations.
Ravi Menon, MAS’ Managing Director who chaired the CSAP meeting, said, “Singapore’s financial sector has done well so far in its cyber and operational resilience amid the new operating environment created by the pandemic. But as the situation prolongs, that resilience will come under greater stress as cyber attackers look for new vulnerabilities. Financial institutions must remain alert and nimble and strengthen their defences against emerging cyber threats. CSAP members have provided useful recommendations on maintaining cyber security against the backdrop of growing reliance on remote working arrangements and cloud service providers.”
The panel of the central bank discussed the risks and vulnerabilities arising from the rapid adoption of remote access technologies and work processes that could affect FIs’ cyber risk profiles. The meeting highlighted the need for FIs to assess if their existing risk profiles have changed and remain acceptable. This is to ensure that in the long run appropriate controls are implemented to mitigate any new risks.
With the increased reliance on third-party vendors, the need for FIs to step up their oversight of these counterparts and to monitor and secure remote access by third-parties to FIs’ systems has been emphasised. This is even more important during the COVID-19 pandemic where remote working has become pervasive.
It has been recommended that FIs establish policies and procedures on the use of open-source software (OSS) and to ensure these codes are robustly reviewed and tested before they are deployed in the FIs’ IT environment.
The panel also exchanged views with the Association of Banks in Singapore Standing Committee on Cyber Security (SCCS) and the Insurance SCCS on enhancing cloud resiliency, monitoring insider threats, and the role of cyber insurance in risk management. Participants included representatives from government agencies such as Ministry of Communications and Information, Ministry of Defence, and Government Technology Agency.
IBSi FinTech Journal
- Most trusted FinTech journal since 1991
- Digital monthly issue
- 60+ pages of research, analysis, interviews, opinions, and rankings
- Global coverage