MAS proposes four ways financial services can keep their data secure
MAS is paying close attention to rising cases of ransomware and cybersecurity attacks.
The Monetary Authority of Singapore (MAS), through its Cybersecurity Advisory Panel (CSAP) proposed four additional ways for financial services such as online banks, blockchains, and IT supply chains, can keep their data secure.
“MAS is paying close attention to the rising occurrences and severity of ransomware and IT supply chain attacks globally. These attacks have led to massive financial losses and disruptions of essential services. Our Cyber Security Advisory Panel has provided us rich insights on how the financial industry can deal with these threats. MAS and the industry will maintain a cooperative, proactive and agile posture to manage the rapidly changing cyber risk landscape,” said MAS Managing Director Ravi Menon in a press statement.
First, for IT supply chains, the panel cited the need for a concerted effort to drive cybersecurity standards adoption across supply chains, while incorporating security considerations throughout the system’s life cycle. Effective system monitoring and regular log reviews are important in the prompt detection of suspicious cyber activities.
Second, for online payment and banking security, the panel noted that multi-factor authentication might not be enough, and could be complemented with transaction notifications and data analytics to proactively detect cybersecurity breaches.
Third, on countering ransomware, the panel stressed the need for an ecosystem approach, requiring stronger cross-border and public-private collaborations. The panel also highlighted the importance of protecting backup data for effective service recovery. Financial institutions could consider implementing immutable data storage technologies that are resistant to ransomware attacks.
Finally, on blockchains and digital currencies, the panel suggested that developers continue to strengthen their security in their software development lifecycle. There is also a need to build up a sufficient pool of IT professionals that are experts in both blockchain technology and cybersecurity, and for more tools to become available to aid blockchains.
These recommendations were made during a two-day virtual meeting programme with relevant government organisations.