[SINGAPORE] Financial institutions in Singapore should adopt a service-centric approach, re-examine their IT supply chains, and prepare for a post-quantum world to stay resilient amid evolving cyber and technological risks, a newly formed expert panel has recommended.
These suggestions were made during the inaugural meeting of the Cyber and Technology Resilience Experts Panel on Wednesday (Apr 16).
The panel, convened by the Monetary Authority of Singapore (MAS) in August 2024, comprises 13 global experts in cybersecurity and technology resilience.
They outlined four key strategies to strengthen cyber and operational resilience across the financial sector.
First, financial institutions should enhance resilience by viewing disruptions from a customer’s perspective. They were also advised to move beyond “routine, scripted” IT disaster recovery exercises and incorporate unscripted elements into drills.
“This will better prepare financial institutions to respond effectively to real-world IT incidents and strengthen their overall operational resilience,” MAS said.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
Second, these firms should mitigate third-party and open-source software risks in their IT supply chains.
This includes conducting thorough risk assessments, maintaining a “comprehensive” inventory of internal IT components, and mapping third-party dependencies to identify potential vulnerabilities.
Third, financial institutions should start preparing for a “post-quantum” security environment. Quantum computing, with its vast computational power, could compromise current cryptographic methods.
Said MAS: “This will allow financial institutions to better prioritise the replacement of cryptographic solutions that are prone to quantum attacks.”
Lastly, the panel highlighted the growing complexity of digital financial scams and called for a “multi-layered approach” to detect and counter emerging threats.
Measures could include leveraging artificial intelligence for fraud detection, deploying phishing-resistant authentication methods, promoting greater information sharing among financial institutions on new scam typologies, and continuing to strengthen customer education.
