MAS raises the cyber hygiene bar for Singapore’s financial industry

HACKING a bank in Singapore is going to get tougher as the Monetary Authority of Singapore (MAS) has just issued a set of legally binding requirements to raise the cybersecurity standards in the country’s financial industry.

Dubbed the Notice on Cyber Hygiene, the set comprises of documents outlining specific requirements for separate stakeholders in the industry such as insurance brokers, financial advisers, financial holding companies, finance companies, trust companies, capital market entities, banks, among others.

The specifications outlined in the notices come into effect on 6th August 2020, by which date, entities will need to make arrangements to comply with all the new cybersecurity requirements outlines for them.

Overall, here is a summary of all the mandatory requirements that the financial industry in Singapore will need to comply with if they are to provide customers with a safer digital experience, in line with the expectations of MAS:

• Establish and implement robust security for IT systems
• Ensure updates are applied to address system security flaws in a timely manner
• Deploy security devices to restrict unauthorized network traffic
• Implement measures to mitigate the risk of malware infection
• Secure the use of system accounts with special privileges to prevent unauthorized access
• Strengthen user authentication for critical systems as well as systems used to access customer information.

“Cyber threats in the financial sector are growing as a result of an increased digital footprint and pervasive use of the internet, said MAS Chief Cyber Security Officer Tan Yeow Seng.

“The financial sector needs to remain vigilant and ensure that defenses are able to counter varied and evolving threats. Good cyber hygiene can go a long way in protecting financial institutions from common types of cyber incursions.

“These fundamental and essential measures can be implemented by all financial institutions regardless of size or system complexity.”

Reviewing the notice for banks revealed some of the cyber hygiene practices that have been highlighted by MAS — and although many of them seem quite easy to follow, banks will certainly need get their act together and build appropriate policies and frameworks that not only meet specifications but are also best-in-class as far as possible.

“Threats are constantly present and evolving in sophistication. We cannot afford to be complacent. Financial institutions must, therefore, remain vigilant and have in place effective technology risk management practices and robust business continuity plans to ensure prompt and effective response and recovery.”

To be fair, Singapore’s banking and wider financial services ecosystem is quite robust when evaluating the APAC region on the whole, however, MAS raising the bar will definitely help the industry better protect itself.

---

---

---