The Monetary Authority of Singapore has published a consultation for six new cyber security regulations for financial institutions. Banks and insurance companies in the city state are increasingly targeted by hackers – this move is a positive first step, experts say, to achieving threat protection. Diligent Messenger offers the highest level of threat protection for secure communications, and offer financial institutions a tested solution, along with its framework, the Diligent Governance Cloud.
This has been a good year for cyber security in Singapore. In February, the parliament passed the country’s first cyber security law. Now the Monetary Authority of Singapore has published consultation on Sept. 6 that will develop six new cyber security regulations governing financial institutions. Singapore Financial Institutions will be required to implement six cyber security measures, according to the published consultation:
- Address system security flaws in a timely manner;
- Establish and implement robust security for systems;
- Deploy security devices to secure system connections;
- Install anti-virus software to mitigate the risk of malware infection;
- Restrict the use of system administrator accounts that can modify system configurations; and
- Strengthen user authentication for system administrator accounts on critical systems.
Says MAS Chief Cyber Security Officer Tan Yeow Seng: “The proposed Notice on Cyber Hygiene seeks to strengthen the overall readiness of all financial institutions to address cyber threats by delineating a clear and common cyber security waterline for the financial industry. This will help ensure that our financial sector as a whole continues to be resilient to cyber threats.”
Singapore Banks, insurance companies face major threats
Cyber security experts welcomed these measures, as attacks in Singapore against banks and insurance companies have become fierce according to Thio Tse Gan, who manages the Deloitte Cyber Security Centre in the city state. “Banks are experiencing significant cyber-attacks weekly, if not daily. Common techniques such as tailored malware and spear phishing continue to be effective owing to the lack of appreciation of cyber risks,” he warns.
Banks in regions like ASEAN and APAC are huge heat magnets for cybercriminals, according to David Ng, lead at the Singapore office of cyber security firm Trend Micro. Ng says that an INTERPOL-led cybersecurity operation earlier this year uncovered that 8,800 servers throughout ASEAN targeted BFSIs via attack vectors like ransomware, DDoS, and spear phishing. Solely for the APAC region, malware detections during the first half of the year peaked at 436 million, Trend Micro reports.
In Singapore, the city-state’s financial, insurance, and real estate sector had one in every 202 emails containing malware, according to statistics from cyber security firm Trend Micro.
According to the Symantec (a cyber security firm) 2016 Internet Security Threat Report3, there were nine mega-breaches in 2015, and the reported number of exposed identities totalled around 429 million. There were over one million web attacks against people each day in 2015, but the main problem was that more companies chose not to reveal the full extent of their data breaches, according to Cung Vu, a cyber security expert with the S. Rajaratnam School of International Studies, at Nanyang Technological University.
Singapore Banks and financial companies have been repeatedly threatened by attacks made via the SWIFT funds transfer system. The MAS issued a warning to all companies to provide threat protection for this particular technology.
“The perimeter has changed”
A recent survey of Asian banks indicated that “only 42 per cent of respondents considered their institution to be extremely or very effective in managing cyber-risk. Yet, cyber-risk is the risk type that respondents most often ranked among the top three that would increase in importance over the next two years (41 per cent).” Yet, in January 2017, Risk.net ranked cyber-risk as the topmost among the top 10 operational risks for 2017, according to a recent study.
Many bankers do not understand how the cyber security “The perimeter has simply changed. It’s no longer defined by the boundaries around the data centre, the in-house network versus the Internet. It’s just not that simple now: users and critical data are everywhere. Essentially, we’re living in the time of the ‘zero-perimeter,’” warns Forcepoint SEA Regional Sales director Alex Lim.
Within the financial sector, banks typically have the most public-facing products and services, the study shows. Bank systems’ multiple points of contact with outside parties result in significant vulnerability to cyber-attacks and could be used as entry points for attacks targeting other parts of the financial system. Hence, it is important that banks have adequate governance, systems, procedures and processes in place to mitigate cyber-risk.
Diligent Messenger, part of the Diligent Governance Cloud, offers processes at this level.
Diligent Messenger provides highest grade of security
Diligent Messenger provides secure messaging, replacing email and chat apps that are not safe to use with sensitive material.
Diligent Messenger was developed as a secure messaging tool to be used by boards of directors to ensure what needs to remain private, stays private. This secure board communication tool can be used across industries, including, but not limited to, healthcare, education, corporations, non-profits, and financial services and banks. It operates in a similar fashion to text messaging with the same feel as popular email tools, which are used by directors.
By moving confidential board communications out of personal and corporate email systems, your board can ensure that there is an easy way to communicate with the right people at the right time. Diligent Messenger integrates seamlessly with Diligent Governance Cloud, our board management software, to enable secure messaging and real-time collaboration.
Diligent designed the Governance Cloud with the processes of board directors, executives, general counsels and corporate secretaries in mind. No other company offers such a comprehensive array of software tools that are cohesive and connected to fully meet the needs of today’s board directors.
The few governance solutions that are in the market today have largely been fragmented and disconnected from other processes. Board directors, general counsels and corporate secretaries are realizing the need for governance solutions that help them manage governance activities effectively and efficiently. Boards need products to help them streamline duties for compliance, regulation and governance while keeping all processes in a highly secure, confidential platform.
The Governance Cloud, the only integrated enterprise governance management solution that enables organisations to achieve best-in-class governance, is an ecosystem of software tools that digitizes the various activities and tasks for the board of directors. As organisations grow more complex and regulations more stringent, the scope of governance responsibilities evolves. The Governance Cloud allows boards of directors to meet the demands in the boardroom and beyond with the ability to select the products they need that help them perform their best and work within their allotted budgets.
November 30, 2020
Experts agree: Governance is the best crisis strategy
Your best defence against a crisis is good governance. Whether it’s a global pandemic, a change in senior management or the complexities of running an international organisation, governance provides ‘handrails’ to keep your organisation upright and on-track. This consensus was the unanimous conclusion of the speakers at a recent Diligent…
September 8, 2020
The Importance of Compliance Monitoring
As regulatory compliance obligations continue to multiply, achieving a clear picture of your performance around good governance and compliance is more important than ever. Organisations have responded to this challenge by putting in place increasingly stringent compliance monitoring processes. Larger and more complex businesses and smaller, simpler ones alike face…
September 7, 2020
Avoiding Cyber Confusion in the Board Room
It is imperative that Directors understand the cyber risks facing their companies and organisations. The increasingly complex internal and external landscape presents unique challenges for Boards. Several key steps can however significantly increase the cyber resilience of any company or organisation, irrespective of size. The article outlines five key steps…