MAS' Cyber Security Advisory Panel Discusses Actions to Deal with New Financial Sector Cyber Risks
2 At its sixth annual meeting held on 25 and 26 October 2022, the CSAP addressed a broad range of challenges facing the financial sector. Key insights from the meeting include:
- Maintaining agility of responses to cyber threats amid a worsening geopolitical climate. The panel stressed that financial institutions (FIs) should have processes in place to respond swiftly and decisively to new cyber threats arising from adverse geopolitical developments. The panel also emphasised the need for greater cross-border cooperation, including swift information exchange, and carrying out joint exercises to test cyber responses.
- Adopting a holistic approach in dealing with digital banking scams. Globally, incidences of online financial fraud are poised to increase further. The panel recommended that FIs further fortify the security of digital banking services. Measures that can be implemented include verifying and restricting the device from which a customer can access digital banking services; using biometrics as an additional form factor to authenticate high risk transactions; and leveraging artificial intelligence and machine learning for real-time fraud monitoring.
- Mitigating cybersecurity risks related to the increasing use of distributed ledger technology (DLT). The panel highlighted that DLT related security solutions are still nascent, and not well understood by many solution implementors. The recent cyberattacks on DLT platforms emphasises the need for FIs to continually monitor for new modes of attacks and upgrade their security controls to protect their DLT-based services.
- Preparing for emerging risks associated with quantum computing. Developments in quantum computing may compromise present-day encryption protection and threaten data confidentiality. The panel advised FIs to monitor the development of international standards on post-quantum cryptography, and begin the process of identifying weaker cryptographic solutions.
- Managing concentration risks associated with critical third-party service providers. The panel called for harmonisation of cyber resilience standards globally and for financial authorities to work more closely together to engage public cloud service providers on their risk management controls and practices.
3 As part of the two-day event, the CSAP also engaged in a dialogue with the CEOs of major FIs in Singapore. Panel members also spoke at the Technology and Cyber Risk Seminar that was jointly organised by The Association of Banks in Singapore and MAS for the financial industry. Participants of the CSAP meeting included representatives from the Cyber Security Agency of Singapore, Defence Science and Technology Agency, Home Team Science and Technology Agency, and Infocomm Media Development Authority.
4 Mr Ravi Menon, Managing Director of MAS, said, “We had a very rich discussion with our Cyber Security Advisory Panel. The panel provided us good insights on growing cyber threats arising from geopolitical developments and increasingly sophisticated threat actors. There were useful suggestions on carrying out joint cyber exercises, strengthening the security of mobile devices, partnering cloud service providers on cyber risk management, building cyber security into DLT systems at the design stage, and preparing for a post-quantum computing landscape. MAS will continue to work closely with the industry to ensure the cyber resilience of the Singapore financial sector.”