Represents more than half of all ICT investment by 2024.
The Monetary Authority of Singapore’s (MAS) Cyber Security Advisory Panel (CSAP) , comprising of experts in cyber security from around the world, provided insights on how MAS and financial institutions (FIs) can bolster their cyber defences.
The Panel supported the adoption of “zero-trust” security principles and architecture to tackle advanced cyber threats and IT supply chain attacks. In addition, the panel also discussed cyber risks and mitigating actions in emerging technologies like blockchains and digital currencies.
Key insights from the CSAP meeting include:
- Strengthening security against cyber attacks in IT supply chains. The Panel cited the need for a concerted effort to drive cyber security standards adoption across IT supply chains, as well as incorporate security considerations throughout the system life cycle. They also stressed the importance of effective system monitoring and regular log reviews to facilitate prompt detection of suspicious cyber activities.
- Improving online payment and banking security. The Panel noted that multi-factor authentication (MFA) remained a key and effective tool for securing digital financial services. However, given that every authentication factor, whether based on short messaging service (SMS), software token or biometrics, could potentially be compromised, the Panel recommended that FIs complement MFA with transaction notification and data analytics to proactively detect cyber intrusions.
- Countering ransomware threats. The Panel underscored the need for an ecosystem approach to forge closer cross-border collaboration and public-private partnership, in order to deter and foil ransomware attacks. The Panel emphasised the importance of protecting golden source backup data for effective service recovery and recommended that FIs consider implementing immutable data storage technologies that are resistant to ransomware attacks.
- Securing blockchains and digital currencies. The Panel noted that the security awareness and competency of most developers in the blockchain space were not where they needed to be, and more could be done to strengthen security in their software development lifecycle. The Panel also highlighted the need to build up a sufficient pool of IT professionals who are well-versed in both blockchain technology and cyber security, and making more tools available to aid in the security implementation and testing of blockchains.
Ravi Menon, MAS’ managing director said MAS is paying close attention to the rising occurrences and severity of ransomware and IT supply chain attacks globally. These attacks have led to massive financial losses and disruptions of essential services.
“Our Cyber Security Advisory Panel has provided us rich insights on how the financial industry can deal with these threats. MAS and the industry will maintain a cooperative, proactive and agile posture to manage the rapidly changing cyber risk landscape,” he said.