The Monetary Authority of Singapore (MAS)’s Cyber Security Advisory Panel (CSAP) has stressed the need for financial institutions to review their security controls given the elevated technology-related risks in the current climate.
The risks arise from remote working and safe management measures due to the COVID-19 pandemic, MAS said in a press statement.
“Singapore’s financial sector has done well so far in its cyber and operational resilience amid the new operating environment created by the pandemic," said Ravi Menon, MAS’ Managing Director who chaired the CSAP meeting.
"But as the situation prolongs, that resilience will come under greater stress as cyber attackers look for new vulnerabilities. Financial institutions must remain alert and nimble and strengthen their defences against emerging cyber threats."
At the CSAP's fourth annual meeting with MAS management on November 5, the Panel shared its insights on cyber risks in the new operating environment and made several recommendations. In particular, it has called on financial institutions to review risk profiles and adequacy of risk mitigating measures.
The panel discussed the risks and vulnerabilities arising from the rapid adoption of remote access technologies and work processes that could affect the organisations’ cyber risk profiles. Financial institutions need to assess if their existing risk profiles have changed and remain acceptable, to ensure that in the long run appropriate controls are implemented to mitigate any new risks.
They also need to step up their oversight of these counterparts and to monitor and secure remote access by third-parties to the financial institutions’ systems. This is even more important during the COVID-19 pandemic where remote working has become pervasive.
Strengthening governance over the use of open-source software (OSS) is also crucial, as vulnerabilities in OSS are typically targeted and exploited by threat actors. The panel recommended that financial institutions establish policies and procedures on the use of OSS and to ensure these codes are robustly reviewed and tested before they are deployed.