The Monetary Authority of Singapore’s (MAS) Cyber Security Advisory Panel has encouraged financial companies to adopt “zero trust” security principles and architecture to tackle advanced cyber threats and IT supply chain attacks. The panel has also provided insights on how the financial sector should bolster its cyber defences.
The panel also discussed cyber risks and mitigating actions in emerging technologies like blockchains and digital currencies. “MAS is paying close attention to the rising occurrences and severity of ransomware and IT supply chain attacks globally,” said Ravi Menon, managing director at MAS.
“These attacks have led to massive financial losses and disruptions of essential services … MAS and the industry will maintain a cooperative, proactive and agile posture to manage the rapidly changing cyber risk landscape.”
The panel highlighted four major insights during its fifth annual meeting, held late last week: countering ransomware threats; strengthening security against cyber attacks in IT supply chains; improving online payment and banking security; and securing blockchains and digital currencies.
The panel underscored the need for an ecosystem approach to forge closer cross-border collaboration and public-private partnership, in order to deter and foil ransomware attacks. “It emphasised the importance of protecting golden source backup data for effective service recovery and recommended that financial institutions consider implementing immutable data storage technologies that are resistant to ransomware attacks,” MAS said.
It is of utmost importance for MAS to counter ransomware threats to achieve cyber resilience goals. “Financial institutions are prime targets for cybercriminals due to the value of the data they process,” Yeo Siang Tiong, general manager for South-East Asia at Kaspersky, told Regulatory Intelligence.
“While digital transformation for financial services, which has been accelerated by the pandemic, presents a vast opportunity for Singapore to advance our digital economy as part of the Smart Nation vision, rising cyber threats and data breaches have resulted in greater compliance and financial burdens,” he said. “A holistic ecosystem approach where public-private partnerships are forged is therefore key to tackling this global issue.”
Financial institutions need to make a concerted effort to drive the adoption of cyber security standards across IT supply chains, and to incorporate security considerations throughout the system life cycle, the panel said.
“They also stressed the importance of effective system monitoring and regular log reviews to facilitate prompt detection of suspicious cyber activities,” MAS said.
Multi-factor authentication (MFA) remained a significant and effective tool for securing digital financial services, according to the panel. However, every authentication factor, whether based on short messaging service, software token or biometrics, could potentially be compromised.
As a result, the panel recommended that financial institutions complement multi-factor authentication with transaction notification and data analytics to proactively detect cyber intrusions.
The security awareness and competency of most developers in the blockchain space were not where they needed to be, and more could be done to strengthen security in their software development lifecycle, the panel said.
“The panel also highlighted the need to build up a sufficient pool of IT professionals who are well-versed in both blockchain technology and cyber security, and making more tools available to aid in the security implementation and testing of blockchains,” MAS said.
About the author
Yixiang Zeng is a senior correspondent with Thomson Reuters Regulatory Intelligence based in Singapore.