Financial institutions should ensure that the data they store on public cloud services is secure and that they perform risk assessments of third parties they work with.
These were among suggestions made yesterday by a Cyber Security Advisory Panel set up by the Monetary Authority of Singapore (MAS) last year.
The panel, which comprises international experts, advises on ways to boost the cyber resilience of Singapore's financial sector.
At its second annual meeting chaired by MAS managing director Ravi Menon, the panel discussed ways of maintaining security amid the adoption of new technologies while also advising on ways the MAS can improve its own cyber strategies.
It noted that as financial institutions are increasingly using public cloud services, in part due to cost savings, small and medium-sized firms could stay safe by relying on reputable providers with strong cyber security capabilities.
Given that a growing number of financial services rely on a limited pool of providers, the panel said financial institutions should adopt measures to secure stored data.
Cloud service providers should also be more transparent with customers about how they implement security measures, the panel said.
It also made recommendations about the use of application programming interfaces (APIs), which are codes used for building software and applications.
While institutions are making these codes available to service providers and business partners, APIs also expose companies to higher risks of cyberthreat, the panel said.
Companies can protect themselves by performing risk assessments on third parties who use their codes, and monitor related activities for suspicious events.
The panel pointed out how vulnerabilities can be identified by using programmes in which hackers are paid to expose cyber security gaps on platforms. The process of "red-teaming", when "ethical hackers" simulate cyber attacks, is another option to bolster defences.