The Monetary Authority of Singapore, the nation’s central bank, has mandated that financial institutions comply with risk management guidelines within the next 12 months in an effort to strengthen the cyber resilience of these organizations.
Complying with the risk management guidelines is legally binding for banks, insurance brokers, financial advisers, financial holding companies, e-payment companies and capital markets. Over 1,600 of these firms are licensed by the central bank.
“Cyber threats in the financial sector are growing because of increased digital footprint and pervasive use of the internet,” says Tan Yeow Seng, chief cybersecurity officer at MAS. “The financial sector must remain vigilant and ensure that defenses are able to counter varied and evolving threats.”
Key Steps
The guidelines require that financial institutions:
- Ensure patching updates are applied to address system security flaws in a timely manner;
- Deploy security devices to restrict unauthorized network traffic;
- Implement measures to mitigate the risk of malware infections;
- Secure the use of system accounts with special privileges to prevent unauthorized access;
- Strengthen user authentication for critical systems as well as systems used to access customer information.
- Financial institutions have until Aug. 6, 2020 to comply with all the new guidelines.
Source - https://www.inforisktoday.in/singapore-sets-cybersecurity-requirements-for-banks-a-12891?rf=2019-08-09_ENEWS_SUB_IR__Slot1_ART12891&mkt_tok=eyJpIjoiWkRkaE5XSTNNelJpTVRJNSIsInQiOiJXS3owOG8xOHBqcytieWlhejRYRVVRZmVGUFZnVENMRm1XM3hUVGNrVGUrbjNsaXd0b1lDQUoyelZpZG5NTnVtSHAwZlliRTJKeVNhNmVvOE1pTkxIc1BpOFIwdGFoaGlEbjZqQVQwRzJRXC80MHlXMng1dXZxWmpxU2JiQ21ob2kifQ%3D%3D
This doesn’t surprise me at all, given the previous stance from the MAS.