MAS released a set of legally binding requirements today to raise cyber security standards for the financial industry. The move is intended to strengthen cyber resilience and enforce good cyber hygiene across the sector.
MAS had sought the industry's feedback in September 2018 on its proposal to make this suite of cyber security measures legally binding requirements. Financial institutions generally welcomed the measures and contributed suggestions for implementing the requirements.
The notice makes it mandatory for financial institutions to comply with the following requirements for Cyber Resilience:
- establish and implement robust security for IT systems;
- ensure updates are applied to address system security flaws in a timely manner;
- deploy security devices to restrict unauthorised network traffic;
- implement measures to mitigate the risk of malware infection;
- secure the use of system accounts with special privileges to prevent unauthorised access; and
- strengthen user authentication for critical systems as well as systems used to access customer information.
MAS has given financial institutions 12 months to implement these measures before the requirements come into effect by 6 August 2020. MAS considers these measures fundamental and essential, and believes they can be implemented by all financial institutions regardless of the size or complexity of their systems. These mandatory steps are in response to growing cyber threats in an increasingly digital environment.
Argus Global specializes in regulatory compliance. We can help you determine whether your company is up to date with the latest regulations through compliance reviews, and we also offer ongoing support for all your compliance needs.
Date: 6 August 2019