The Cyber Security Advisory Panel (CSAP) of the Monetary Authority of Singapore (MAS) provided insights and suggestions on how Singapore's financial sector can harness the benefits of new technologies while remaining cyber resilient at its second annual meeting.
At the meeting chaired by MAS managing director Ravi Menon, CSAP members shared their views on the growing adoption of new technologies, emerging user authentication methods for online financial services, and the use of open application programming interfaces (APIs) by financial institutions (FIs). They also discussed MAS’ roadmap on initiatives to expand its cyber intelligence coverage, reinforce protection capabilities, reduce time to recover from incidents, and develop cyber security talent.
Public cloud services
With FIs increasingly using public cloud services for cost savings, system scalability, and speed to market, CSAP members suggested that small and medium sized FIs, given their limited resources and capabilities, can improve their cyber security posture by using reputable cloud solution providers that have strong cyber security capabilities.
They acknowledged concerns about concentration risks arising from a growing number of financial services relying on a limited pool of cloud service providers. In particular, FIs should implement measures to secure data stored on the cloud and their network connections to the cloud service provider. Members also said that cloud service providers should provide greater transparency to their customers on how they implement security measures to protect their systems and information.
FIs are actively making their APIs available to third parties such as service providers and business partners to enrich the quality and customisation of their financial services. As APIs expose FIs to higher risks of cyber threat, CSAP members proposed measures which FIs may adopt when embarking on their open API journey. These measures include performing risk assessment of the third parties using their APIs and monitoring activities related to API services for suspicious events.
The CSAP also met industry associations, where it highlighted the usefulness of identifying vulnerabilities through bug bounty programmes and ‘red-teaming’—the use of ethical hackers to continuously test for weaknesses in an organisation--and recommended FIs to consider adopting these as part of their security testing frameworks.
The CSAP was formed in 2017 to advise MAS and the financial sector in Singapore on strategies to address the changing cyber threat landscape. It comprises experts in cyber security from around the world. Members are on renewable two-year terms. Some current members include Accenture Security global cyber regulatory lead Valerie Abend, Cyber Security Agency of Singapore chief executive David Koh and Standard Chartered Bank group chief information security officer Cheri McGuire.