The Monetary Authority of Singapore’s (MAS) Cyber Security Advisory Panel (CSAP), comprising cybersecurity experts from around the world, provided insights on how Singapore’s financial sector can address technology and cyber risks amid heightened geopolitical tensions, rapid digitalisation of financial services, and an increasingly hostile cyber threat landscape.
At its sixth annual meeting held on 25 and 26 October 2022, the CSAP addressed a broad range of challenges facing the financial sector. Key insights from the meeting include:
- Maintaining agility of responses to cyber threats amid a worsening geopolitical climate. The panel stressed that financial institutions (FIs) should have processes in place to respond swiftly and decisively to new cyber threats arising from adverse geopolitical developments. The panel also emphasised the need for greater cross-border cooperation, including swift information exchange, and carrying out joint exercises to test cyber responses.
- Adopting a holistic approach in dealing with digital banking scams. Globally, incidences of online financial fraud are poised to increase further. The panel recommended that FIs further fortify the security of digital banking services. Measures that can be implemented include verifying and restricting the device from which a customer can access digital banking services; using biometrics as an additional form factor to authenticate high risk transactions; and leveraging artificial intelligence and machine learning for real-time fraud monitoring.
- Mitigating cybersecurity risks related to the increasing use of distributed ledger technology (DLT).The panel highlighted that DLT related security solutions are still nascent, and not well understood by many solution implementors. The recent cyberattacks on DLT platforms emphasises the need for FIs to continually monitor for new modes of attacks and upgrade their security controls to protect their DLT-based services.
- Preparing for emerging risks associated with quantum computing. Developments in quantum computing may compromise present-day encryption protection and threaten data confidentiality. The panel advised FIs to monitor the development of international standards on post-quantum cryptography, and begin the process of identifying weaker cryptographic solutions.
- Managing concentration risks associated with critical third-party service providers. The panel called for harmonisation of cyber resilience standards globally and for financial authorities to work more closely together to engage public cloud service providers on their risk management controls and practices.