Saturday, July 24, 2021

Singapore is strengthening guidelines for the financial services sector

Must Read

DoJ Says SolarWinds Attackers Has accessed its Microsoft O365 email server

Thousands of Department of Justice (DoJ) email accounts were accessed by SolarWinds attackers last year, the department has confirmed. The...

Hacker leaks data of MeetMindful dating site

The data belongs to the MeetMindful dating site and includes everything from real names to Facebook account tokens and...

Researchers Disclosed a security vulnerability in UNEP that affects 100k staff records

Today, researchers have revealed a security vulnerability by exploiting which they could access more than 100,000 private worker records...

The revised technical risk management guidelines include financial institutional directives to use “strong oversight” of arrangements with third-party service providers to ensure data confidentiality and accountability of senior management.

Singapore has updated its set of guidelines on technical risk management for financial institutions to include, among other things, “strong oversight” of their partnerships with third-party service providers to ensure confidential information.

The updated list also contains updated security management guidance and pressure testing and the appointment of third-party vendors and senior IT executives.

In more detail under the Technology Risk Management Guidelines, these updates have been made to keep pace with emerging technologies and changing current threats, the Monetary Authority of Singapore (MAS) said in a statement on Monday.

Recognizing that financial institutions are increasingly influencing cloud technology and APIs (systems implementation), the legal sector has emphasized the need to install security controls and risk reduction strategies as part of these organizations’ technological advances and life cycle.

“The emergence of a recent cyber attack on procurement chains, targeted at many IT service providers through the exploitation of widely used network software, clearly shows that the cyber vulnerability situation is getting worse,” he added.

Use of third-party service providers, for example, maybe provided through IT and may include confidential customer information stored by the service provider. Any system failure in violating the security of providers may have a detrimental effect on financial institutions and customers.

The guidelines emphasized the need to evaluate and manage company exposure to technical risks that could affect the privacy and availability of IT systems and data from a third-party service provider, before the establishment of an agreement or partnership.

Financial institutions should also ensure, on an ongoing basis, that the third party adopts the “highest level of care and encouragement” in protecting data privacy and integrity and the strengthening of the system.

Also, financial institutions must establish mechanisms that will enable “timely analysis and sharing” of cyber-threatening intelligence within the sector and conduct pressure tests to protect their cybersecurity, through the simulation of real-time tactics and attacks.

Strong supervision should also extend to human capabilities, including contractors and service providers, where financial institutions must ensure that all employees have the necessary skills to perform the required IT tasks and manage technical risks.

This should include the appointment of a CIO or CISO and the board of the financial institution should have members with the necessary information to provide “effective technical management and cyber risks”, MAS said.

MAS cybersecurity chief executive Tan Yeow Seng said: “Technology is now heavily supportive of many areas of financial services.

Not only are financial institutions adopting new technologies, and they are relying more on third-party service providers. and financial security risks to financial institutions. “

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This