Singapore issues rules to strengthen finance sector’s cyber resiliency

Singapore issues rules to strengthen finance sector’s cyber resiliency

Singapore issues rules to strengthen finance sector’s cyber resiliency


By Gabriel Olano

The Monetary Authority of Singapore (MAS) has released legally binding requirements to improve cyber security standards and strengthen the cyber resilience of the financial industry.

Known as the Notice on Cyber Hygiene, it details the measures that financial institutions must take to mitigate growing cyber risks. It will make several key elements in the existing MAS Technology Risk Management (TRM) Guidelines mandatory for financial institutions, namely the following:

  • Establishing and implementing robust security for IT systems
  • Ensuring updates are applied to address system security flaws in a timely manner
  • Deploying security devices to restrict unauthorised network traffic
  • Implementing measures to mitigate the risk of malware infection
  • Securing the use of system accounts with special privileges to prevent unauthorised access
  • Strengthening user authentication for critical systems as well as systems used to access customer information.

The MAS gave financial institutions one year to comply with these measures, before they come into force on August 06, 2019.

“Cyber threats in the financial sector are growing as a result of an increased digital footprint and pervasive use of the internet,” said Tan Yeow Seng, chief cyber security officer of the MAS. “The financial sector needs to remain vigilant and ensure that defences are able to counter varied and evolving threats. Good cyber hygiene can go a long way in protecting financial institutions from common types of cyber incursions. These fundamental and essential measures can be implemented by all financial institutions regardless of size or system complexity.”

The guidelines incorporate the results of a public consultation held by the MAS in September 2018. According to the regulator, financial institutions generally welcomed the measures and provided several suggestions, such as focusing on strengthening user access to systems that store or access customer data, and allowing more time for financial institutions to design, acquire, and integrate robust user authentication technology into their critical systems.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!