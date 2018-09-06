SINGAPORE: Financial institutions in Singapore could have to implement six security measures as part of new proposed requirements by the Monetary Authority of Singapore (MAS) to strengthen their cyber resilience and better guard against cyberattacks.

In a press release on Thursday (Sep 6), the central bank said breaches are often the result of insecure system configurations or compromised system accounts.

To counter this risk, it is proposing for financial institutions to implement these six measures:

Address system security flaws in a timely manner

Establish and implement robust security for systems

Deploy security devices to secure system connections

Install antivirus software to mitigate the risk of malware infection

Restrict the use of system administrator accounts that can modify system configurations

Strengthen user authentication for system administrator accounts on critical systems

These measures are already part of the existing MAS Technology Risk Management Guidelines, but the regulator is proposing to stipulate them as a baseline hygiene standard for cybersecurity by elevating them into legally binding requirements, the press release said.



This is a further move by MAS to safeguard the industry from online attacks in the wake of the SingHealth attack that resulted in 1.5 million patient records being stolen.



MAS in July had instructed all financial institutions to tighten their customer verification process, and that they should not rely solely on the types of information stolen such as name, NRIC number and address.



The public consultation will run from Sep 6 to Oct 5 this year, and the consultation paper is available on MAS' website, it added.

