International panel suggests ways to improve financial sector's cyber security

The Cyber Security Advisory Panel, set up by the Monetary Authority of Singapore (MAS), discussed ways of maintaining security amid the adoption of new technologies while also advising ways the MAS can improve its own cyber strategies. ST PHOTO: KUA CHEE SIONG

SINGAPORE - Financial institutions should ensure that data they store on public cloud services is secure and that they perform risk assessments of third parties they work with.

These were among suggestions made on Tuesday (Oct 2) by a Cyber Security Advisory Panel set up by the Monetary Authority of Singapore last year.

The panel, which comprises experts from around the world, advises on ways to boost the cyber resilience of Singapore's financial sector.

At its second annual meeting chaired by MAS managing director Ravi Menon, the panel discussed ways of maintaining security amid the adoption of new technologies while also advising ways the MAS can improve its own cyber strategies.

It noted that as financial institutions are increasingly using public cloud services, in part due to cost savings, small and medium-sized firms could stay safe by relying on reputable cloud solution providers with strong cyber-security capabilities.

Given that a growing number of financial services rely on a limited pool of such providers, the panel said financial institutions should adopt measures to secure stored data.

They should also secure their network connections to the service provider, it added.

Cloud service providers should also be more transparent with customers about how they implement security measures to protect their systems and information, the panel said.

It also made recommendations about the use of application programming interfaces (APIs), which are codes used for building software and applications.

While institutions are making these codes available to service providers and business partners, APIs also expose companies to higher risks of cyberthreat, the panel noted.

Companies can protect themselves by performing risk assessments on the third parties who use their codes and monitor related activities for suspicious events.

The panel pointed out how vulnerabilities can be identified by using programmes in which hackers are paid to expose cyber-security gaps on platforms.

The process of "red-teaming", when "ethical hackers" simulate cyber attacks, is another option to bolster defences.

It recommended that financial institutions consider adopting these as part of their security-testing frameworks.

The panel has also met representatives from the Standing Committee on Cyber Security from The Association of Banks in Singapore, Life Insurance Association Singapore and General Insurance Association of Singapore.

Join ST's Telegram channel and get the latest breaking news delivered to you.