Saturday, October 16, 2021

Singapore is strengthening guidelines for the financial services sector

Must Read

Plex Media servers are being actively abused for DDoS attacks

DDoS-for-hire services are actively abusing plex Media Server systems as a UDP reflection/amplification vector in Distributed Denial of Service...

Singapore investigating claims Muslim app developer sold user Information to US military

Singapore is investigating claims that a local-based mobile app, Muslim Pro, has offered"granular place data" into the US army....

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine...

The revised technical risk management guidelines include financial institutional directives to use “strong oversight” of arrangements with third-party service providers to ensure data confidentiality and accountability of senior management.

Singapore has updated its set of guidelines on technical risk management for financial institutions to include, among other things, “strong oversight” of their partnerships with third-party service providers to ensure confidential information.

The updated list also contains updated security management guidance and pressure testing and the appointment of third-party vendors and senior IT executives.

In more detail under the Technology Risk Management Guidelines, these updates have been made to keep pace with emerging technologies and changing current threats, the Monetary Authority of Singapore (MAS) said in a statement on Monday.

Recognizing that financial institutions are increasingly influencing cloud technology and APIs (systems implementation), the legal sector has emphasized the need to install security controls and risk reduction strategies as part of these organizations’ technological advances and life cycle.

“The emergence of a recent cyber attack on procurement chains, targeted at many IT service providers through the exploitation of widely used network software, clearly shows that the cyber vulnerability situation is getting worse,” he added.

Use of third-party service providers, for example, maybe provided through IT and may include confidential customer information stored by the service provider. Any system failure in violating the security of providers may have a detrimental effect on financial institutions and customers.

The guidelines emphasized the need to evaluate and manage company exposure to technical risks that could affect the privacy and availability of IT systems and data from a third-party service provider, before the establishment of an agreement or partnership.

Financial institutions should also ensure, on an ongoing basis, that the third party adopts the “highest level of care and encouragement” in protecting data privacy and integrity and the strengthening of the system.

Also, financial institutions must establish mechanisms that will enable “timely analysis and sharing” of cyber-threatening intelligence within the sector and conduct pressure tests to protect their cybersecurity, through the simulation of real-time tactics and attacks.

Strong supervision should also extend to human capabilities, including contractors and service providers, where financial institutions must ensure that all employees have the necessary skills to perform the required IT tasks and manage technical risks.

This should include the appointment of a CIO or CISO and the board of the financial institution should have members with the necessary information to provide “effective technical management and cyber risks”, MAS said.

MAS cybersecurity chief executive Tan Yeow Seng said: “Technology is now heavily supportive of many areas of financial services.

Not only are financial institutions adopting new technologies, and they are relying more on third-party service providers. and financial security risks to financial institutions. “

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This