Banks urged to beef up systems to combat cyber attacks | Inquirer Business

Banks urged to beef up systems to combat cyber attacks

/ 01:33 AM May 13, 2017

Nestor Espenilla Jr. —RICHARDA. REYES

Nestor Espenilla Jr. —RICHARDA. REYES

Citing rising concerns on phishing and cyber attacks targeting bank customers and personnel, the Bangko Sentral ng Pilipinas ordered financial institutions to beef up their defenses. Phishing is the attempt to get sensitive information such as usernames, passwords and credit card details by pretending to be a trustworthy entity in an electronic communication like e-mail.

“In response to the growing concerns on cyber attacks involving fraudulent e-mails and websites aimed at customers and employees of financial institutions, BSP-supervised financial institutions are advised to sustain resilience efforts and continue to perform rigorous risk assessments of their current technology environment,” Deputy Governor Nestor Espenilla Jr. said in Memorandum No. M-2017-017 issued on May 10.

ADVERTISEMENT

In addition to implementing risk-based authentication methods for customer accounts, it said BSP-supervised financial institutions should also ensure adequate access control measures were in place for systems that support the provision of electronic products and services such as authentication servers, application servers, domain name system (DNS), including domain registry services, regardless of whether these were managed internally or by a third-party service provider. For outsourced systems, it said BSP-supervised financial institutions, as part of their outsourcing risk management framework, should have a sufficient level of assurance that the service provider was maintaining robust security controls.

FEATURED STORIES

Also, stronger authentication methods other than the use of passwords should be adopted for high-risk/sensitive systems that are managed by privileged users such as network and system administrators,” Espenilla added.

BSP-supervised financial institutions should also be mindful of domain hijacking, whereby attackers modify a financial institution’s domain name records to redirect users to unauthorized websites. In such cases, additional security measures such as registry lock feature for top-level domain should be adopted,” according to Espenilla, referring to multi-factor authentication (MFA). —BEN O. DE VERA

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS: banks, Business, cyber-attacks, News

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Curated business news

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.