FIs called to review security controls against tech-related risks

They are asked to improve oversight of third-party vendors and review risk profiles.

The Monetary Authority of Singapore’s (MAS) Cyber Security Advisory Panel (CSAP) has stressed the need for financial institutions (FIs) to review their security controls amidst heightened risks arising from remote working and safe management measures as a result of the pandemic.

At its fourth annual meeting with MAS on 5 November, the panel made several recommendations for FIs to be better equipped against cyber risks in the new operating environment.

CSAP called for FIs to review their current risk profiles and the adequacy of their risk mitigating measures, especially with the rapid adoption of remote access technologies and work processes, which could affect FIs’ cyber risk profiles.

The panel also cautioned FIs to improve their oversight of third-party vendors on which they have become increasingly reliant upon amidst remote working, and to monitor and secure remote access by third-parties to FIs’ systems.

FIs are also asked to strengthen their governance over the use of open-source software (OSS). In particular, the panel recommended that FIs establish policies and procedures on the use of OSS.

CSAP also reminded FIs to ensure that these codes are reviewed and tested before they are deployed in their IT environment.

Over two days of virtual meetings, the panel also reportedly exchanged views with the Association of Banks in Singapore Standing Committee on Cyber Security (SCCS) and t

he Insurance SCCS on topics of enhancing cloud resiliency, monitoring insider threats, and the role of cyber insurance in risk management.Participants included representatives from government agencies such as Ministry of Communications and Information, Ministry of Defence, and Government Technology Agency.