MAS tightens cybersecurity rules on FIs

It will require FIs to implement 6 measures that will address flaws in a timely manner.

The Monetary Authority of Singapore (MAS) launched the consultation for the proposed requirements for financial institutions (FIs) in Singapore to implement essential cybersecurity measures to protect their IT systems.

According to an announcement, FIs will be required to implement six cybersecurity measures: address system security flaws in a timely manner; establish and implement robust security for systems; deploy security devices to secure system connections; install anti-virus software to mitigate the risk of malware infection; restrict the use of system administrator accounts that can modify system configurations; and strengthen user authentication for system administrator accounts on critical systems.

Cyber breaches are often the result of insecure system configurations or compromised system accounts, MAS said. “These measures, which are already part of the existing MAS Technology Risk Management Guidelines, are aimed at enhancing the security of FIs’ systems and networks as well as mitigating the risk of unauthorised use of system accounts with extensive access privileges,” the central bank added.

Recent IT system failures include OCBC’s three-hour services outage. OCBC group CEO Samuel Tsien even acknowledged that the software failure signal was unfortunately not detected for rectification due to a human oversight.”