Operational resilience of financial institutions remained intact — BNM
KUALA LUMPUR: Operational resilience of financial institutions remained intact in the second half of 2023 despite the increasing frequency of ransomware attacks and the proliferation of cybercrime-as-a-service (CaaS), which also present a continuous operational risk challenge for financial institutions globally.
Hence, Bank Negara Malaysia (BNM) said ensuring the operational and cyber resilience of financial institutions remained a key focus in the second half of 2023, accordingly.
“In defending against such threats, BNM requires financial institutions to implement and enforce strong cyber hygiene standards, particularly around governance and patch management.
“Financial institutions in Malaysia have maintained a heightened state of vigilance over evolving technological risks and cyber threats,” said the central bank in its Financial Stability Review 2nd Half 2023 report, released yesterday.
In addition to threat surveillance, detection and responses at the firm level, measures continue to be taken to further improve coordinated system-wide surveillance and responses, it said.
Meanwhile, the central bank said unauthorised online banking transactions continued to be on a downward trend following the implementation of additional fraud countermeasures by financial institutions.
In the fourth quarter of 2023, BNM consulted the financial industry for feedback on enhanced fraud detection standards focusing on internet banking transactions.
“These standards aim to augment the industry’s ability to detect and avert fraudulent transactions on a near real-time basis with improved analytics and coordinated operational measures,” it said in the report.
BNM has also strengthened requirements around financial institutions’ cloud risk management capabilities, including, among others, requirements for financial institutions to put in place additional governance and technical controls such as embracing zero trust principles in the cloud security architecture.
These measures will enable financial institutions to mitigate technical failures and respond more effectively to cloud service outages attributed to the service providers, it said.
BNM said it also continues to closely monitor the effective implementation of these measures by financial institutions in tandem with the wider adoption of cloudbased solutions within financial services.
Meanwhile, collaboration among local cybersecurity agencies, through the sharing of timely cyber threat intelligence, remains essential to the financial industry’s defence against cyber threats, thus, in the fourth quarter of 2023, BNM signed a memorandum of understanding with CyberSecurity Malaysia to enhance information sharing and foster collaboration towards elevating the financial sector’s cyber resilience.
“Engagements with Securities Commission Malaysia and the National Cyber Security Agency have also been initiated to further expand the scope of cyber threat intelligence sharing via the Financial Sector Cyber Threat Intelligence Platform (FinTIP),” said BNM.
In addition, it said that industry engagement sessions have also facilitated exchanges of insights and best practices on cyber resilience among participants.
Internationally, BNM continues to expand bilateral arrangements on cybersecurity cooperation with regional counterparts to facilitate information exchange and support capacity building.