SINGAPORE – The rise of remote working amid the Covid-19 pandemic has in turn heightened technology-related risks, making it crucial for financial institutions to review their security controls said the Monetary Authority of Singapore (MAS).
Among the recommendations by the MAS Cyber Security Advisory Panel (CSAP) were for financial institutions to review their risk profiles and adequacy of risk mitigating measures, to maintain oversight of third-party vendors and to strengthen governance of the use of open-source software.
These were presented at a meeting with MAS management meeting on Nov 5.
“Singapore’s financial sector has done well so far in its cyber and operational resilience amid the new operating environment created by the pandemic,” said MAS managing director Ravi Menon.
“But as the situation prolongs, that resilience will come under greater stress as cyber attackers look for new vulnerabilities. Financial institutions must remain alert and nimble and strengthen their defences against emerging cyber threats,” he added.
Financial institutions that have adopted remote access technologies have to assess if their cyber risk profiles remain acceptable, and implement controls in the long run to mitigate any new risks, CSAP said.
The panel also emphasised the need for financial institutions to step up their oversight of third-party vendors and to monitor and secure remote access by these third-parties to their systems.
Noting the vulnerabilities of open source software to malicious attacks or exploits, the panel recommended that financial institutions establish policies and procedures on the use of open-source software, and to ensure these codes are robustly reviewed and tested before they are deployed.
CSAP had also had virtual meetings on Nov 4 and 5 with the Association of Banks in Singapore Standing Committee on Cyber Security (SCCS) and the Insurance SCCS on enhancing cloud resiliency, monitoring insider threats, and the role of cyber insurance in risk management. Representatives from government agencies such as Ministry of Communications and Information, the Ministry of Defence, and Government Technology Agency also participated.