The Monetary Authority of Singapore (MAS) has announced new rules that seek to better mitigate risks to banks from cyberattacks.
Singapore's financial regulator this morning released the new Technology Risk Management Guidelines, which will apply to all banking, insurance, brokerage and payment services firms.
The new guidelines stipulate that banks and other financial institutions must secure the development of so-called application programming interface (API) codes (which allow applications to communicate with each other) and encrypt sensitive data transmitted to prevent leaks or hackers injecting malicious codes in the APIs.
Technology now underpins most aspects of financial services. Not only are financial institutions adopting new technologies, they are also increasingly reliant on third party service providers."
In a statement MAS explained that a spate recent of cyber attacks on supply chains, which targeted multiple IT service providers through the exploitation of widely-used network management software, is a clear indication of a worsening cyber threat environment.
The revised Guidelines set out to establish a robust process for the timely analysis and sharing of cyber threat intelligence within the financial ecosystem, and conduct cyber exercises to allow firms to "stress test" their cyber defences by simulating the attack tactics, techniques, and procedures used by real-world attackers.
Tan Yeow Seng, MAS chief cyber security officer, said, "Technology now underpins most aspects of financial services. Not only are financial institutions adopting new technologies, they are also increasingly reliant on third party service providers."
"The revised Guidelines set out MAS' higher expectations in the areas of technology risk governance and security controls in financial institutions."