The Monetary Authority of Singapore’s (MAS) Cyber Security Advisory Panel (CSAP), comprising cybersecurity experts from around the world, convened its seventh annual meeting on 24 and 25 October 2023. The meeting discussed global cybersecurity trends and their impact on the financial sector, securing mobile banking and payments amidst the rise of online banking scams, as well as financial institutions’ (FIs) growing adoption of artificial intelligence (AI).
2 Key insights from the meeting include:
(a) Taking an eco-system approach to fortify cyber defence and maintain trust and public confidence in online financial services. The panel underscored the need for a multi-pronged approach to stem mobile malware-enabled scams, including working closely with technology suppliers to reduce the threat of malicious side-loaded mobile apps.
(b) Strengthening multi-factor authentication (MFA) for mobile banking and payments. The panel supported the adoption of “passwordless” and “out-of-band”
(c) Raising awareness of the potential benefits and risks from the growing adoption of Generative AI (GenAI). As more FIs leverage on GenAI to enhance their systems and business processes, there is an increasing need to guard against potential risks, including leakage of sensitive information and data poisoning. FIs would need to manage these risks by establishing guardrails, for example, by raising employee awareness on the safe use of GenAI, and establishing comprehensive data handling policies.
(d) Leveraging AI to enhance FIs’ cybersecurity capabilities. FIs can deploy AI-enabled solutions in areas such as secure code development, security monitoring, threat hunting and red-teaming to improve the effectiveness and robustness of their cyber defence.
3 As part of the two-day event, CSAP members also spoke at the Technology and Cyber Risk Seminar that was jointly organised by The Association of Banks in Singapore and MAS for the financial industry.
****
[1] Out-of-band authentication is a type of two-factor authentication (2FA) that requires a secondary verification method through a separate communication channel.