The Cyber Security Advisory Panel (CSAP) of the Monetary Authority of Singapore (MAS) has proposed a number of ways to enhance the financial sector’s cyber resilience.
It has provided insights and suggestions on how Singapore’s financial sector can harness the benefits of new technologies while remaining cyber resilient.
At its second annual meeting chaired by Ravi Menon, managing director, MAS, CSAP members shared their views on the growing adoption of new technologies, emerging user authentication methods for online financial services, and the use of open application programming interfaces (APIs) by financial institutions (FIs).
They also discussed MAS’ roadmap on initiatives to expand its cyber intelligence coverage, reinforce protection capabilities, reduce time to recover from incidents, and develop cyber security talent.
One of the key issued discussed was how organisations are increasingly using public cloud services for cost savings, system scalability, and speed to market. CSAP members suggested that small and medium sized FIs, given their limited resources and capabilities, can improve their cybersecurity posture by using reputable cloud solution providers that have strong cybersecurity capabilities.
The members also expressed concerns about concentration risks arising from a growing number of financial services relying on a limited pool of cloud service providers.
They suggested that FIs should implement measures to secure data stored on the cloud and their network connections to the cloud service provider. Members also said that cloud service providers should provide greater transparency to their customers on how they implement security measures to protect their systems and information.
Following PSD2, FIs are actively making their APIs available to third parties such as service providers and business partners to enrich the quality and customisation of their financial services.
As APIs expose FIs to higher risks of cyber threat, CSAP members proposed measures which FIs may adopt when embarking on their open API journey including performing risk assessment of the third parties using their APIs and monitoring activities related to API services for suspicious events
Copyright © 2018 RegTech Analyst
