The Monetary Authority of Singapore has identified IT supply chains as a critical weakness in the cyber defences of major banks.
The central bank's Cyber Security Advisory Panel (CSAP) notes the growing frequency of attacks on IT supply chains as a means to circumvent the cybersecurity walls erected by banking institutions.
The panel recommends that that banks should put in place a multi-layered defence with measures, such as source code reviews, system integrity checks, and network anomaly detection, to mitigate these risks.
The Panel also noted instances of 'poor risk culture' as a contributing factor during cyber incidents, and called on the board and senior management of financial institutions to set clear expectations for cyber risk culture with an effective monitoring mechanism to ensure no back-sliding.