Monetary Authority of Singapore (MAS) has revised its guidelines for managing technology risks to fight against growing cyber threats. This comes after a recent spate of attacks on supply chains, which targeted multiple IT service providers through the exploitation of widely used network management software. It included stronger risk mitigation strategies, such as establishing a robust process for the analysis and sharing of cyber threat intelligence within the financial ecosystem and conducting cyber exercises to stress test defenses by simulating attack tactics, techniques, and procedures used by real-world attackers.
Due to growing reliance on third party service providers, MAS suggests that FIs should exercise strong oversight of arrangements with third party service providers to ensure system resilience and maintain data confidentiality and integrity. Moreover, boards and senior management should ensure that a chief information officer and a chief information security officer should account for managing technology and cyber risk, and the boards should include members with the relevant knowledge of such risks.