29 November 2022
During its sixth annual meeting on 25 and 26 October 2022, the Monetary Authority of Singapore (“MAS”) Cyber Security Advisory Panel (“CSAP”) discussed how Singapore’s financial sector can address technology and cyber risks amid heightened geopolitical tensions, rapid digitalisation of financial services, and an increasingly hostile cyber threat landscape. Participants of the CSAP meeting included representatives from the Cyber Security Agency of Singapore, Defence Science and Technology Agency, Home Team Science and Technology Agency, and Info-communications Media Development Authority.
Set out below is a summary of CSAP’s key insights from the meeting as highlighted in a MAS press release dated 28 October 2022:
- Financial institutions (“FIs”) should put in place processes to respond swiftly and decisively to new cyber threats arising from adverse geopolitical developments, including greater cross-border cooperation such as swift information exchange and joint exercises to test cyber responses.
- To counter online financial fraud, FI should further fortify the security of digital banking services with measures that include verifying and restricting the device from which a customer can access digital banking services, using biometrics as an additional form factor to authenticate high risk transactions and leveraging artificial intelligence and machine learning for real-time fraud monitoring.
- FIs should continue monitoring for new modes of attacks and upgrade their security controls to mitigate cybersecurity risks related to the increasing use of distributed ledger technology (DLT).
- FIs should prepare for emerging risks associated with quantum computing by monitoring the development of international standards on post-quantum cryptography, and begin the process of identifying weaker cryptographic solutions.
CSAP also called for harmonisation of cyber resilience standards globally and for financial authorities to work more closely together to engage public cloud service providers on their risk management controls and practices.