.jpg)
We thank Mr Zulkifli Jalil for highlighting that cybersecurity must extend beyond an organisation’s own systems to include its vendors (Hold vendors to same high standards, or they may become weakest link, 14 April), and we agree with his views.
The Monetary Authority of Singapore (MAS) expects all financial institutions (FIs) to put in place stringent controls to protect any customer information that they disclose to their third-party vendors. These vendors would include printing agencies like Toppan Next Tech (TNT). FIs are expected to regularly review and affirm that the controls of their vendors are adequate to safeguard the confidentiality of customer information.
Even with the appropriate controls, occasional breaches may still occur. Where there is an unauthorised disclosure of customer information by a vendor, the FI must act quickly to mitigate the impact to its customers. This means preventing further loss of customer information and communicating with customers promptly to advise them on what they need to do to prevent the information from being exploited.
The Cyber Security Agency of Singapore (CSA) advises all organisations to ensure that their third-party vendors with access to sensitive data have adequate cybersecurity measures to protect against cyber-attacks, help mitigate the impact and facilitate recovery.
Organisations offering services as vendors should consider obtaining CSA’s Cyber Essentials or Cyber Trust marks. These are national cybersecurity standards that help organisations prioritise the measures to be implemented. These certifications signal an organisation’s commitment to robust cybersecurity practices, which in turn enhances its reputation and trust among customers.
CSA is also assessing the possibility of requiring vendors to obtain CSA’s Cyber Essentials or Cyber Trust marks, before they can be licensed, or bid for government contracts that will grant them access to sensitive data or systems. Organisations can get help with implementing cybersecurity measures aligned to the Cyber Essentials mark from CSA’s Chief Information Security Officer (CISO) as-a-Service scheme. CSA offers up to 70 per cent co-funding for eligible SMEs.
CSA and sectoral agencies like MAS will continue to work closely with industry to raise cybersecurity standards. All organisations, including vendors, should take a proactive approach to protect themselves and their customers from cyber threats.
Connie Lee
Director (Communications & Engagement)
Cyber Security Agency of Singapore
Lu Xinyi
Director (Corporate Communications)
Monetary Authority of Singapore
