News Risk Management12 Sep 2018

Singapore:MAS consults on "cyber hygiene" practices for financial institutions

12 Sep 2018

The Monetary Authority of Singapore (MAS) is consulting on proposed "cyber hygiene" requirements for financial institutions (FIs) in the city state to implement cyber security measures too protect their IT systems. These requirements will help FIs strengthen their cyber resilience and guard against cyber attacks.

The FIs will be required to implement six security measures:

  • address system security flaws in a timely manner;
  • establish and implement robust security for systems;
  • deploy security devices to secure system connections;
  • install anti-virus software to mitigate the risk of malware infection; 
  • restrict the use of system administrator accounts that can modify system configurations; and
  • strengthen user authentication for system administrator accounts on critical systems.

In a statement last week announcing the launch of the consultation, MAS noted that cyber breaches are often the result of insecure system configurations or compromised system accounts.

The proposed measures, which are already part of MAS’ existing Technology Risk Management Guidelines, are aimed at enhancing the security of FIs’ systems and networks as well as mitigating the risk of unauthorised use of system accounts with extensive access privileges. In this exercise, the regulator is proposing to elevate the guidelines into legally binding requirements, as a baseline hygiene standard for cyber security.

In addition to the new requirements, FIs are already currently required to implement information technology controls to protect customer information from unauthorised access or disclosure under MAS’ Notice on Technology Risk Management.

MAS chief cyber security officer Tan Yeow Seng said, “The proposed Notice on Cyber Hygiene seeks to strengthen the overall readiness of all financial institutions to address cyber threats by delineating a clear and common cyber security waterline for the financial industry. This will help ensure that our financial sector as a whole continues to be resilient to cyber threats.”

The public consultation will run from 6 September to 5 October 2018.  A copy of the public consultation paper is available on the MAS website.

| Print | Share

Note that your comment may be edited or removed in the future, and that your comment may appear alongside the original article on websites other than this one.


Recent Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

Other News

Follow Asia Insurance Review