The Monetary Authority of Singapore (MAS) has underscored the need for a concerted effort to drive cyber security standards adoption across IT supply chains, with its Cyber Security Advisory Panel citing the need for a renewed focus on strengthening security against cyber-attacks on IT supply chains.
The issue was discussed at the fifth annual meeting of the central bank and financial regulatory agency’s Cyber Security Advisory Panel (CSAP). The panel stressed the importance of adopting cyber security standards throughout IT supply chains and also emphasised the importance of incorporating security considerations throughout the system life cycle.
Our Cyber Security Advisory Panel has provided us rich insights on how the financial industry can deal with these threats. MAS and the industry will maintain a cooperative, proactive and agile posture to manage the rapidly changing cyber risk landscape.
– Ravi Menon, MAS Managing Director
Key insights from the CSAP meeting include:
- Strengthening the security of IT supply chains against cyber-attacks. The Panel stressed the importance of a coordinated effort to accelerate cyber security standards adoption across IT supply chains and to incorporate security considerations throughout the system life cycle, according to the report. They also emphasised the value of effective system monitoring and regular log review in detecting suspicious cyber activity quickly.
- Increasing the security of online payments and banking. Multi-factor authentication (MFA) remains an important and successful technique for protecting digital financial services, according to the Panel. However, because any authentication factor, whether based on SMS, software tokens, or biometrics, could be compromised, the Panel suggested that FIs use transaction notification and data analytics in addition to MFA to proactively detect cyber-attacks.
- Defending against ransomware attacks. To deter and disrupt ransomware attacks, the Panel stressed the importance of an ecosystem strategy that fosters closer cross-border collaboration and public-private partnerships. The Panel recognised the significance of securing golden source backup data for successful service recovery and advised FIs to consider deploying ransomware-resistant immutable data storage systems.
- Securing digital currencies and blockchains. Most blockchain developers’ security awareness and skill were not where they needed to be, according to the Panel, and more should be done to increase security in their software development lifecycle. The Panel also stressed the importance of developing a sufficient pool of IT specialists who are knowledgeable in both blockchain technology and cyber security, as well as making additional tools available to aid in the implementation and testing of blockchains’ security.
“MAS is paying close attention to the rising occurrences and severity of ransomware and IT supply chain attacks globally,” said Ravi Menon, MAS managing director. “These attacks have led to massive financial losses and disruptions of essential services.” Meanwhile, the CSAP noted that multi-factor authentication (MFA) remained a key and effective tool for securing digital financial services.
OpenGov Asia reported that the Cyber Security Agency (CSA) has launched a series of toolkits for enterprises, which provide guidance on cybersecurity issues tailored for senior business leaders, SME owners, as well as employees. The new toolkits help to simplify cybersecurity and enable businesses to make more informed trade-offs between security, system usability and cost.
The toolkit for enterprise leaders and SME owners will focus on the business reasons to invest in cybersecurity, such as rationalising that investment, and on how fostering a culture of cybersecurity would enable enterprises to reap the benefits of digital transformation.
In addition, the Panel exchanged views with the Association of Banks in Singapore Standing Committee on Cyber Security (SCCS) and the Insurance SCCS on their latest industry initiatives, including the adversarial attack simulation or red teaming exercise and bug bounty programme, as part of the two-day virtual meeting programme. The Cyber Security Agency of Singapore, the Defence Science and Technology Agency, the Government Technology Agency, the Infocomm Media Development Authority, the Ministry of Communications and Information, and the Smart Nation and Digital Government Office were among the participants.