FIs need to review the adequacy of their cyber risk mitigating measures and controls, including in relation to third-party vendors and open-source software.

The MAS (Monetary Authority of Singapore) Cyber Security Advisory Panel (CSAP) has issued a set of recommendations for FIs to bolster their security controls amid the new operating environment that has emerged in the wake of Covid-19.

Formed in 2017, CSAP comprises leading cyber security experts and thought leaders, and advises MAS and FIs on strategies to sustain cyber resilience and trust in Singapore’s financial system.

At its fourth annual meeting with MAS management on Thursday (5 November), CSAP said FIs need to review their risk profiles and the adequacy of the risk mitigating measures, in light of the rapid adoption of remote access technologies and work processes that could affect their cyber risk profiles and present elevated technology-related risks.

According to CSAP, FIs need to assess whether their risk profiles have changed and remain acceptable, to ensure that in the long run appropriate controls are implemented to mitigate any new risks.

CSAP also recommended that FIs maintain oversight of…

Read More…

SINGAPORE – The rise of remote working amid the Covid-19 pandemic has in turn heightened technology-related risks, making it crucial for financial institutions to review their security controls said the Monetary Authority of Singapore (MAS).

Among the recommendations by the MAS Cyber Security Advisory Panel (CSAP) were for financial institutions to review their risk profiles and adequacy of risk mitigating measures, to maintain oversight of third-party vendors and to strengthen governance of the use of open-source software.

These were presented at a meeting with MAS management meeting on Nov 5.

“Singapore’s financial sector has done well so far in its cyber and operational resilience amid the new operating environment created by the pandemic,” said MAS managing director Ravi Menon.

“But as the situation prolongs, that resilience will come under greater stress as cyber attackers look for new vulnerabilities. Financial institutions must remain alert and nimble and strengthen their defences against emerging cyber threats,” he added.

Financial institutions that have adopted remote access technologies have to assess if their cyber risk profiles remain acceptable, and…

Read More…

Open source has become nearly ubiquitous with Agile and DevOps. It offers development teams the ability to quickly and easily scale their software development life cycles (SDLC). At the same time, open-source software (OSS) components can introduce security vulnerabilities, licensing issues, and development workflow challenges. Open-source risks include both licensing challenges and cyber threats from poorly written code that leads to security gaps. With the number of Common Vulnerabilities and Exposures (CVE) growing rapidly, organizations must define actionable OSS policies, monitor OSS components, and institute continuous integration/continuous deployment (CI/CD) controls to improve OSS vulnerability remediation without slowing release cycles.

OSS Impact on Software Development  

Due to the need for rapid development and innovation, developers are increasingly turning to open-source frameworks and libraries to accelerate software development life cycles (SDLC). Use of open-source code by developers grew 40% and is expected to expand 14% year on year through 2023.

Agile and DevOps enable development teams to release new features multiple times a day, making software…

Read More…