Singapore has revised its current set of guidelines on technology risk management for financial institutions to include, amongst others, "strong oversight" of their partnerships with third-party service providers to ensure data confidentiality. The updated list also comprises updated guidance on security controls and stress tests as well as the appointment of third-party vendors and senior IT executives.
Detailed under the Technology Risk Management Guidelines, the revisions were made to keep pace with emerging technologies and shifts in the current threat landscape, said the Monetary Authority of Singapore (MAS) in a statement Monday.
Caught by the sudden onslaught of COVID-19, most businesses lacked or had inadequate security systems in place to support remote work and now have to deal with a new reality that includes a much wider attack surface and less secured user devices.
Noting that financial institutions increasingly were tapping cloud technologies and APIs (application programming interfaces), the industry regulatory underscored the need to incorporate security controls and stronger risk mitigation strategies as part of these organisations' technology development and deployment lifecycle.
"The recent spate of cyber attacks on supply chains, which targeted multiple IT service providers through the exploitation of widely-used network management software, is a clear indication of a worsening cyber threat environment," it added.
The use of third-party services providers, for instance, likely would be pro ..