MAS Issues Measures to Strengthen Cyber Resilience in Financial Sector

These measures make compulsory the key elements in the existing MAS Technology Risk Management guidelines. The technology risk management guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices, and controls to address technology risks. MAS expects financial institutions to observe the technology risk management guidelines, as this will be taken into account in MAS’ risk assessment of the financial institutions. As per the now-published measures on cyber hygiene, financial institutions must:

• Establish and implement robust security for IT systems
• Ensure updates are applied to address system security flaws in a timely manner
• Deploy security devices to restrict unauthorized network traffic
• Implement measures to mitigate the risk of malware infection
• Secure the use of system accounts with special privileges to prevent unauthorized access
• Strengthen user authentication for critical systems as well as systems used to access customer information

MAS, in September 2018, had sought feedback from the public on the proposal to make this suite of cyber security measures into legally binding requirements. Financial institutions generally welcomed these measures and provided some suggestions about implementation of the requirements. These suggestions include focusing on strengthening user access to systems that store or access customer data and allowing more time for financial institutions to design, acquire, and integrate robust user authentication technology into their critical systems.

Keywords: Asia Pacific, Singapore, Banking, Insurance, Securities, Cyber Resilience, Cyber Security, Cyber Risk, Technology Risk, MAS