Although the Monetary Authority of Singapore (“MAS“) cybersecurity guidelines have been around since 2013, it was only in August this year that they became legally binding for any financial institution that operates in the country.
The requirements state that banks operating in Singapore need to do the following:
- Establish and implement robust security for IT systems
- Ensure updates are applied to address system security flaws in a timely manner
- Deploy security devices to restrict unauthorised network traffic
- Implement measures to mitigate the risk of malware infection
- Secure the use of system accounts with special privileges to prevent unauthorised access
- Strengthen user authentication for critical systems as well as systems used to access customer information
But why is this important for UK banks now, and should our regulatory bodies be replicating these new rules to make sure the UK banks have best-practice cybersecurity?