Thursday, 2 December 2021

MAS Cyber Security Advisory Panel proposes ways to strengthen security in IT supply chains, online banking, and blockchains

5 min read

Singapore, 29 October 2021 - The Monetary Authority of Singapore’s (MAS) Cyber Security Advisory Panel (CSAP), comprising experts in cyber security from around the world, provided insights on how MAS and financial institutions (FIs) can bolster their cyber defences. At its fifth annual meeting, held virtually on 26 and 27 October 2021, the Panel supported the adoption of zero-trustsecurity principles and architecture to tackle advanced cyber threats and IT supply chain attacks. In addition, the panel also discussed cyber risks and mitigating actions in emerging technologies like blockchains and digital currencies.

Key insights from the CSAP meeting include:

  • Strengthening security against cyber attacks in IT supply chains. The Panel cited the need for a concerted effort to drive cyber security standards adoption across IT supply chains, as well as incorporate security considerations throughout the system life cycle. They also stressed the importance of effective system monitoring and regular log reviews to facilitate prompt detection of suspicious cyber activities.
  • Improving online payment and banking security. The Panel noted that multi-factor authentication (MFA) remained a key and effective tool for securing digital financial services. However, given that every authentication factor, whether based on short messaging service (SMS), software token or biometrics, could potentially be compromised, the Panel recommended that FIs complement MFA with transaction notification and data analytics to proactively detect cyber intrusions.
  • Countering ransomware threats. The Panel underscored the need for an ecosystem approach to forge closer cross-border collaboration and public-private partnership, in order to deter and foil ransomware attacks. The Panel emphasised the importance of protecting golden source backup data for effective service recovery and recommended that FIs consider implementing immutable data storage technologies that are resistant to ransomware attacks.
  • Securing blockchains and digital currencies. The Panel noted that the security awareness and competency of most developers in the blockchain space were not where they needed to be, and more could be done to strengthen security in their software development lifecycle. The Panel also highlighted the need to build up a sufficient pool of IT professionals who are well-versed in both blockchain technology and cyber security, and making more tools available to aid in the security implementation and testing of blockchains.

 

Mr Ravi Menon, MASManaging Director said, MAS is paying close attention to the rising occurrences and severity of ransomware and IT supply chain attacks globally. These attacks have led to massive financial losses and disruptions of essential services. Our Cyber Security Advisory Panel has provided us rich insights on how the financial industry can deal with these threats. MAS and the industry will maintain a cooperative, proactive and agile posture to manage the rapidly changing cyber risk landscape.”

As part of the two-day virtual meeting programme, the Panel also exchanged views with the Association of Banks in Singapore Standing Committee on Cyber Security (SCCS) and the Insurance SCCS on their latest industry initiatives, including on the adversarial attack simulation or red teaming exercise and bug bounty programme. Participants included representatives from the Cyber Security Agency of Singapore, Defence Science and Technology Agency, Government Technology Agency, Infocomm Media Development Authority, Ministry of Communications and Information, and Smart Nation and Digital Government Office.

 

Re-disseminated by The Asian Banker 

Diary of Activities