Singaporean regulator reiterates concerns about cyber security of financial institutions
Financial services providers are encouraged to implement measures to secure data stored on the cloud and their network connections to the cloud service provider.
The Cyber Security Advisory Panel (CSAP) of the Monetary Authority of Singapore (MAS) has reiterated concerns about cyber resilience of financial services providers and has made clear some expectations that it has about these companies with regard to their cyber security.
Singapore’s financial institutions (FIs) are increasingly using public cloud services for cost savings, system scalability, and speed to market. CSAP members suggest that small and medium sized FIs, given their limited resources and capabilities, can improve their cybersecurity by using reputable cloud solution providers that have strong cybersecurity capabilities. There is no clarification, however, on how a small financial business can actually afford itself to use the services of reputable cloud solution provider.
CSAP members also acknowledge there are concentration risks stemming from a growing number of financial services relying on a limited pool of cloud service providers. For that matter, FIs are expected to implement measures to secure data stored on the cloud and their network connections to the cloud service provider. Members also said that cloud service providers should provide greater transparency to their customers on how they implement security measures to protect their systems and information.
FIs are actively making their APIs available to third parties such as service providers and business partners to enrich the quality and customization of their financial services. As APIs expose FIs to higher risks of cyber threat, CSAP members proposed measures which FIs may adopt when embarking on their open API journey. These measures include performing risk assessment of the third parties using their APIs and monitoring activities related to API services for suspicious events.
Talking of cyber security, let’s recall that last month MAS opened consultation on measures to strengthen cyber resilience of financial institutions. There are still a couple of days left to submit comments on the proposals.
Under the proposals, FIs will be required to implement six cyber security measures:
- address system security flaws in a timely manner;
- establish and implement robust security for systems;
- deploy security devices to secure system connections;
- install anti-virus software to mitigate the risk of malware infection;
- restrict the use of system administrator accounts that can modify system configurations; and
- strengthen user authentication for system administrator accounts on critical systems.
The consultation closes on October 5, 2018.