The Monetary Authority of Singapore (MAS) has released a new set of requirements to raise cybersecurity standards in the financial industry. These legally binding requirements also aim to strengthen the cyber resilience of financial organisations against attacks. Sharing their thoughts on the latest move by the MAS are Olli Jarva, Managing Consultant at Synopsys, and Clement Lee, Principal Security Architect, APJ, Check Point Software Technologies.
Olli Jarva, Managing Consultant, Synopsys Software Integrity Group
The latest move from MAS to impose new cyber hygiene rules for all financial services and e-payment firms is a timely action that should be welcomed by consumers and companies alike. While the financial services sector is relatively mature in terms of its software security posture, many of them are still struggling with a rapidly evolving technology landscape and facing increasingly sophisticated adversaries. Be it a shift to cloud or new ways of payment services, history has shown that there is a significant need for improvement in supply chain risk management.
According to the 2019 survey on “The State of Software Security in the Financial Services Industry” published by the Synopsys Cybersecurity Research Center (CyRC) and Ponemon Institute, more than half of the respondents have experienced system failure or downtime (56%) or theft of sensitive customer data (51%) due to insecure software or technology. Unsurprisingly, the study shows that more organisations are effective in detecting (56%) and containing (53%) cyberattacks than in preventing attacks (31%).
The big positive impact of the MAS rules on the new cyber hygiene and cybersecurity standards is that they can boost consumer confidence and trust in the new and current services from the financial services industry, be it from established stalwarts or from startups.
Clement Lee, Principal Security Architect, APJ, Check Point Software Technologies
This is simple hygiene that should have been expected from a standard security operation. The fact that MAS has to run this down to elements means that they found technology risk management (TRM) misinterpreted and/or misinformed. A security practice is only as strong as the weak implementation and its importance depends heavily on the organisation’s risk posture.