Banks told to report cyber breaches within 2 hours
Banks and financial institutions are now required to report security breaches within two hours of detection as the Bangko Sentral ng Pilipinas (BSP) steps up its campaign against cybercrime.
On the sidelines of the Philippine Investment Forum organized by Euromoney, BSP Deputy Governor Chuchi Fonacier said the Monetary Board has approved the proposed reporting requirement for cybersecurity and other information technology (IT)related matters.
“It was approved yesterday,” Fona- cier told reporters yesterday.
Vicente de Villa III, officer-in-charge of the financial technology sub-sector, said the initial reporting of very basic information is within two hours from the discovery of the incident.
De Villa said the followup report containing more relevant details has to be submitted to the central bank within 24 hours from the incident.
The central bank has approved pioneering guidelines on information security management that place renewed
on cybersecurity, promoting the cyber resiliency of the entire banking industry.
The enhanced information security framework strengthened cybersecurity controls in line with a rapidly evolving cyber threat landscape surrounding financial institutions.
Last November, the BSP’s Monetary Board approved pioneering guidelines on information security management that place a renewed focus on cybersecurity in order to promote cyber resilience of the entire banking industry.
The new guidelines, one of the first in Southeast Asia, cover a holistic framework on information security risk management as an integral part of the banks’ information security program, enterprise risk management system and governance mechanisms.
The cyber threat landscape has continuously evolved with more threats surfacing in the cyber realm in an increasingly complex and sophisticated fashion.
The amendments highlighted the role of the banks’ board and senior management in spearheading sound information security governance and strong security culture within their respective networks.
Supervised institutions are required to set-up a 24 X 7 security operations center (SOC) equipped with advanced technolofocus gies and manned by competent analysts to proactively monitor emerging and highly sophisticated cyber-threats and attacks.
The Philippines was used as a conduit when hackers stole $81 million from the account of the Bangladesh Bank in the US.