Singapore Steps Up Focus on IT Supply Chain Cyber Security

The Monetary Authority of Singapore (MAS) has flagged a fresh focus on strengthening security against cyber attacks on IT supply chains, with its Cyber Security Advisory Panel citing the need for a concerted effort to drive cyber security standards adoption across IT supply chains.

The issue was raised during the fifth annual meeting of the central bank and financial regulatory authority’s Cyber Security Advisory Panel (CSAP), which was held virtually on 26 and 27 October.

Not only did the panel flag the need for the adoption of cyber security standards across IT supply chains, it also stressed the incorporation of security considerations throughout the system life cycle. Moreover, the panel pointed to the importance of effective system monitoring and regular log reviews to facilitate prompt detection of suspicious cyber activities.

During its latest annual meeting, the panel specifically supported the adoption of zero trust security principles and architecture to tackle advanced cyber threats and IT supply chain attacks. In addition, the panel discussed cyber risks and mitigating actions in emerging technologies like blockchains and digital currencies.

“MAS is paying close attention to the rising occurrences and severity of ransomware and IT supply chain attacks globally,” said Ravi Menon, MAS managing director. “These attacks have led to massive financial losses and disruptions of essential services.

“Our Cyber Security Advisory Panel has provided us rich insights on how the financial industry can deal with these threats. MAS and the industry will maintain a cooperative, proactive and agile posture to manage the rapidly changing cyber risk landscape,” he added.

Meanwhile, the CSAP noted that multi-factor authentication (MFA) remained a key and effective tool for securing digital financial services.

However, it also recommended that local financial institutions complement MFA processes with transaction notification and data analytics to proactively detect cyber intrusions, given the continuing risk of compromise in many existing MFA systems.

At the same time, the panel underscored the need for an ecosystem approach to forge closer cross-border collaboration and public-private partnership in order to deter and foil ransomware attacks.

On this front, the panel emphasised the importance of protecting ‘golden source’ backup data for effective service recovery and recommended that financial institutions consider implementing immutable data storage technologies that are resistant to ransomware attacks.

The panel also noted that the security awareness and competency of most developers in the blockchain space were not where they needed to be, and suggested more could be done to strengthen security in their software development lifecycle.