Why financial institutions should adopt a data-centric approach for compliance obligations

Last September, my colleague Alex Tay tackled the state of cybersecurity in Singapore and the reasons for critical information infrastructure (CII) sectors to comply with the recent mandates from the Cyber Security Agency (CSA). As one of the 11 CIIs covered under Singapore’s cybersecurity bill, the banking and finance sector isn’t exempt from the new regulatory mandates for compliance—in fact, the Monetary Authority of Singapore (MAS) recently tightened cybersecurity rules to further protect the sector’s IT systems. How will the financial sector cope with compliance, considering today’s ever-evolving guidelines and rules and their various interpretations?

Legally-binding cybersecurity regulations strengthened for FIs

In a move to tighten the cybersecurity rules and framework for financial institutions, the Monetary Authority of Singapore (MAS) proposed to make six (6) essential cybersecurity measures legally binding on top of the existing measures in place. According to the MAS Technology Risk Management guidelines, these measures are meant to serve as a baseline hygiene standard for cybersecurity, in addition to enhancing the security of financial institutions’ systems and networks and their resilience to cyber attacks.

As indicated on the MAS website, financial institutions (FIs) are ordered to comply with the following cybersecurity measures:

• Address system security flaws in a timely manner
• Establish and implement robust security for systems
• Deploy security devices to secure system connections
• Install antivirus software to mitigate the risk of malware infection
• Restrict the use of system administrator accounts that can modify system configurations
• Strengthen user authentication for system administrator accounts on critical systems

With more financial processes today being done digitally, what does this mean for FIs in the face of increasing cyber attacks?

