The recent Singhealth data hack is a sobering reminder to us all that the conveniences offered by digital technologies has also exposed us to various vulnerabilities.
With over 1.5 million patient breached, Prime Minister Lee Hsien Loong said the Government is doubling down on beefing up its cyber defenses.
It is especially crucial that we as a nation strengthen our cyber-resilience in mission critical industries like the financial sector.
Cognizant of that fact, the Cyber Security Advisory Panel (CSAP) of the Monetary Authority of Singapore (MAS) recently came out with suggestions on how the industry can harness the benefits of new technologies and remain protected.
This follows their earlier call to the industry to tighten their customer verification process.
Areas of Recommendation
Reassess Cloud Computing Service Provider
Observing the increased use of public cloud services by the financial sector, the advisory panel suggested that small to medium sized financial institutions to switch to reputable cloud solution provides with strong cybersecurity capabilities to compensate for their limited resources.
They also recommended that financial institutions should implement measures to secure data stored on the cloud and their network connections to the cloud service provide while giving greater transparency to their customers on the financial insitution’s effort to protect them.
It is also recommended that financial institution should implement measures to secure data stored on the cloud and their network connections to the cloud service provider.
Put in Place Appropriate Risk Assesment Measures for Open API
It’s no secret that Singapore is moving towards open banking , while it undoubtedly provides banks and its fintech partners various opportunities to innovate and introduce new products, the Cyber Security Advisory Panel of MAS regconises that APIs expose financial institutions to cyber threats.
The advisory panel recommended for financial institutions to perform risk assessment of the third parties using their API and suggested for them to be vigilant in monitoring for suspicious activities.
Deploying Artificial Intelligence and Bounty Programmes
The advisory panel, having met the industry associations have also concluded that financial institutions can strengthen the defenses taking a two-prong approach. One is to invest in AI and Machine Learning capabilities. The next is to identify vulnerabilities through bug bounty programmes — an approach that is used by major tech companies like Google and Facebook.
Image Credit: MAS