Singapore issues new rules to strengthen cyber resilience of financial sector

August 6, 2019

SINGAPORE, The Monetary Authority of Singapore (MAS) today issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector.

The Notice on Cyber Hygiene sets out the measures that financial institutions must take to mitigate the growing risk of cyber threats.

The Notice will make compulsory key elements in the existing MAS Technology Risk Management (TRM) Guidelines.

Specifically, it is mandatory for financial institutions to comply with six requirements.

They are: establish and implement robust security for IT systems; ensure updates are applied to address system security flaws in a timely manner; deploy security devices to restrict unauthorised network traffic; implement measures to mitigate the risk of malware infection; secure the use of system accounts with special privileges to prevent unauthorised access; and strengthen user authentication for critical systems as well as systems used to access customer information.

Malaysian banks operating in Singapore include Maybank, CIMB and RHB.

Financial institutions have 12 months to put these measures in place before the requirements come into effect on Aug 6, 2020.

Cyber threats in the financial sector are growing as a result of an increased digital footprint and pervasive use of the Internet, MAS’ chief cyber security officer Tan Yeow Seng said in a statement here.

The financial sector needs to remain vigilant and ensure that defences are able to counter varied and evolving threats. Good cyber hygiene can go a long way in protecting financial institutions from common types of cyber incursions.

These fundamental and essential measures can be implemented by all financial institutions regardless of size or system complexity, said Tan.

MAS said it had sought feedback from the public in September 2018 on the proposal to make this suite of cyber security measures into legally binding requirements.

The central bank said financial institutions generally welcomed these measures and provided some suggestions regarding implementation of the requirements.

It said these include focusing on strengthening user access to systems that store or access customer data; and allowing more time for financial institutions to design, acquire and integrate robust user authentication technology into their critical systems.

Source: NAM News Network