fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Singapore Tightens Cyber Defence Guidelines For Financial Services Sector

Singapore Tightens Cyber Defence Guidelines For Financial Services Sector

Revised guidelines on technology risk management include instructions for financial institutions to exercise “strong oversight” of arrangements with third-party service providers to ensure data confidentiality and details of the responsibility of senior management.

Singapore has revised its current set of guidelines on technology risk management for financial institutions to include, amongst others, “strong oversight” of their partnerships with third-party service providers to ensure data confidentiality. The updated list also comprises updated guidance on security controls and stress tests as well as the appointment of third-party vendors and senior IT executives.

Detailed under the Technology Risk Management Guidelines, the revisions were made to keep pace with emerging technologies and shifts in the current threat landscape, said the Monetary Authority of Singapore (MAS) in a statement Monday.

Noting that financial institutions increasingly were tapping cloud technologies and APIs (application programming interfaces), the industry regulatory underscored the need to incorporate security controls and stronger risk mitigation strategies as part of these organisations’ technology development and deployment lifecycle. 

“The recent spate of cyber attacks on supply chains, which targeted multiple IT service providers through the exploitation of widely-used network management software, is a clear indication of a worsening cyber threat environment,” it added.

The use of third-party services providers, for instance, likely would be provided using IT and might involve confidential customer data stored by the service provider. Any system failure on security breach on the part of these providers could adversely impact the financial institution’s customers and operations.

Also Read: How a Smart Contract Audit Works and Why it is Important

The guidelines highlighted the need to assess and manage the company’s exposure to technology risks that might affect the confidentiality and availability of IT systems and data at the third-party service provider, before a contractual agreement or partnership was established. Financial institutions also should ensure, on an ongoing basis, that the third party adopted “a high standard of care and diligence” in safeguarding data confidentiality and integrity as well as system resilience.

In addition, financial institutions must establish processes to enable the “timely analysis and sharing” of cyber threat intelligence within the sector and conduct drills to stress test their cyber defences, via the simulation of real-world attack tactics and procedures. 

Stronger oversight should further extend to human skillsets, including contractors and service providers, where financial institutions should ensure all personnel had the requisite competence to perform the necessary IT functions and manage technology risks. 

This should include the appointment of CIO or CISO and the financial institution’s board must comprise members with the necessary knowledge to offer “effective oversight of technology and cyber risks”, said MAS. 

MAS’ chief cyber security officer Tan Yeow Seng said: “Technology now underpins most aspects of financial services. Not only are financial institutions adopting new technologies, they are also increasingly reliant on third party service providers. The revised guidelines set out MAS’ higher expectations in the areas of technology risk governance and security controls in financial institutions.”

Also Read: Data Centre Regulations Singapore: Does It Help To Progress?

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us