MAS Cybersecurity Advisory Group discusses steps to address new cyber risks in the financial sector
Singapore, 28 October 2022…The Monetary Authority of Singapore (MAS) Cybersecurity Advisory Committee (CSAP), comprised of cybersecurity experts from around the world, has provided insight on how Singapore’s financial sector can address technological and cyber risks in a context of heightened geopolitical tensions and rapid digitization. financial services and an increasingly hostile cyber threat landscape.
2 At its sixth annual meeting held on October 25-26, 2022, CSAP addressed a wide range of challenges facing the financial sector. The main conclusions of the meeting include:
- Maintaining the agility of responses to cyber threats in a deteriorating geopolitical climate. The panel emphasized that financial institutions (FIs) should put in place processes to respond quickly and decisively to new cyber threats arising from adverse geopolitical developments. The panel also highlighted the need for greater cross-border cooperation, including rapid exchange of information and conducting joint exercises to test cyber responses.
- Take a holistic approach to dealing with digital banking scams. Globally, the incidences of online financial fraud are set to increase further. The panel recommended that FIs further strengthen the security of digital banking services. Measures that can be implemented include verifying and restricting the device from which a customer can access digital banking services; use biometrics as an additional form factor to authenticate high-risk transactions; and leveraging artificial intelligence and machine learning to monitor fraud in real time.
- Mitigate cybersecurity risks associated with the increasing use of distributed ledger technology (DLT). The panel pointed out that DLT-related security solutions are still nascent and poorly understood by many solution implementers. Recent cyberattacks on DLT platforms highlight the need for FIs to continuously monitor new attack patterns and upgrade their security controls to protect their DLT-based services.
- Prepare for emerging risks associated with quantum computing. Developments in quantum computing may compromise current encryption protection and threaten data privacy. The panel advised FIs to keep up with evolving international standards on post-quantum cryptography and begin the process of identifying the weakest crypto solutions.
- Manage concentration risks associated with critical third-party service providers. The panel called for the harmonization of cyber resilience standards globally and for financial authorities to work more closely together to engage public cloud service providers on their risk management controls and practices.
3 As part of the two-day event, CSAP also engaged in dialogue with the CEOs of major FIs in Singapore. Panel members also spoke at the Technology and Cyber Risk Seminar jointly organized by the Singapore Banking Association and MAS for the Financial Industry. CSAP meeting participants included representatives from the Singapore Cyber Security Agency, the Defense Science and Technology Agency, the Home Team Science and Technology Agency, and the Infocomm Media Development Authority.
4 Mr. Ravi Menon, Managing Director of MAS, said: “We had a very rich discussion with our Cybersecurity Advisory Group. The panel provided us with good insights into the growing cyber threats resulting from geopolitical developments and increasingly sophisticated threat actors. There were helpful suggestions on conducting joint cyber exercises, strengthening mobile device security, partnering with cloud service providers on cyber risk management, integrating cyber security into DLT systems at the design stage and the preparation of a post-quantum computing landscape. MAS will continue to work closely with industry to ensure the cyber resilience of Singapore’s financial sector.