INTELLIGENT BRANDS // Enterprise Security
Monetary Authority of Singapore enhances guidelines to combat heightened cyberattacks
The Monetary Authority of Singapore ,
the central bank of Singapore , has issued revised Technology Risk Management Guidelines to keep pace with emerging technologies and shifts in the cyberthreat landscape .
The revised guidelines , following the massive SolarWinds cyberattack that affected firms all over the world , focus on addressing technology and cyber-risks in an environment of growing use by financial institutions ( FIs ) of cloud technologies , application programming interfaces and rapid software development .
The guidelines reinforce the importance of incorporating security controls as part of FIs ’ technology development and delivery lifecycle , as well as in the deployment of emerging technologies .
Joanne Wong , Vice President , International Markets , LogRhythm , said : “ The recent
SolarWinds incident will go down as one of the most consequential cyberattacks of the past decade and serves as a firm reminder for anyone operating in the digital space to never let their guard down .
“ Beyond more vigorous screening for external tech vendors , enterprises must take a more proactive stance to safeguard their operations . It is imperative that they maintain visibility over their entire network – including their trusted third-party vendor – to ensure they can identify and remediate threats with speed . After all , as the cyber threatscape continues to evolve , no one can afford to be sitting ducks for the next big attack .”
The revised guidelines set out the following enhanced risk mitigation strategies for FIs –
• To establish a robust process for the timely analysis and sharing of cyberthreat intelligence within the financial ecosystem ; and
• To conduct cyber-exercises to allow FIs to stress test their cyber-defences by simulating the attack tactics , techniques and procedures used by real-world attackers .
In light of FIs ’ growing reliance on third party service providers , the revised guidelines set out the expectation for FIs to exercise strong oversight of arrangements with third party service providers , to ensure system resilience as well as maintain data confidentiality and integrity .
Tan Yeow Seng , Chief Cyber Security Officer , MAS , said : “ Technology now underpins most aspects of financial services . Not only are financial institutions adopting new technologies , they are also increasingly reliant on third party service providers . The revised guidelines set out MAS ’ higher expectations in the areas of technology risk governance and security controls in financial institutions .” p
THE REVISED GUIDELINES SET OUT MAS ’ HIGHER EXPECTATIONS IN THE AREAS OF TECHNOLOGY RISK GOVERNANCE AND SECURITY CONTROLS IN FINANCIAL INSTITUTIONS .
68
INTELLIGENTCIO APAC www . intelligentcio . com