BSP orders banks to beef up defenses vs cyber attacks | Inquirer Business

BSP orders banks to beef up defenses vs cyber attacks

/ 01:15 AM May 17, 2017

The Bangko Sentral ng Pilipinas yesterday said the global ransomware attack over the weekend had no impact on any Philippine financial institution even as it urged all banks and nonbanks to step up their defenses.

Asked if BSP-supervised financial institutions were targeted during the cyber extortion attacks, Deputy Governor Nestor A. Espenilla Jr. replied: “Targeted? Possible. Successfully attacked? That’s another matter—none so far.”

Reports said that at least 100,000 groups in 150 countries had been hit by online extortion attacks as of Sunday.

Article continues after this advertisement

Espenilla said the BSP had “previously alerted the system to the danger,” hence he was “sure” that “defensive initiatives have minimized the risk.”

FEATURED STORIES

Last week, the BSP issued Memorandum No. M-2017-017 reminding banks to adopt multifactor authentication (MFA) in response to “growing concerns on cyber attacks involving fraudulent e-mails and websites aimed at customers and employees of financial institutions.”

Last April, the BSP ordered all financial institutions in the country to implement MFA, especially for sensitive transactions, by September amid bigger risks coming from cyber attacks.

Article continues after this advertisement

The BSP earlier explained that the MFA employed a combination of at least two authentication factors, namely inherence or something that is inherent to the user such as fingerprint and retinal pattern; knowledge or something that the user knows such as password or PIN, and possession or something that the user has in his/her possession, including payment card or a one-time password generated through a security token or sent via SMS.

Article continues after this advertisement

The MFA “provides for a more reliable authentication method and a stronger fraud deterrent mechanism that limits unauthorized access,” the BSP had said.

Article continues after this advertisement

In a new memorandum issued just last Monday, the BSP reiterated the need to beef up cyber defenses in light of the recent global ransomware attacks.

“With the alarming proliferation of ransomware, BSP-supervised financial institutions are at an increased risk of loss or unauthorized disclosure of proprietary or sensitive information, operational disruptions, financial losses incurred to restore affected systems and reputational damage. Given the perceived anonymity of threat actors in perpetrating ransom payment schemes, ransomware remains a viable threat that is expected to evolve to more sophisticated and destructive forms, such as crypto-ransom ware. Web-based applications, including legitimate cloud-based services, are particularly vulnerable to this type of threat,” Espenilla said in Memorandum No. M-2017-018 issued on May 15.

Article continues after this advertisement

“In this regard, BSP-supervised financial institutions are advised to heighten their vigilance and ensure that robust protection against ransomware is in place. BSP-supervised financial institutions should provide multiple layers of defenses by implementing appropriate controls at the host, network, and endpoint level to prevent and detect malicious codes,” Espenilla said. —BEN O. DE VERA

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS: Bangko Sentral ng Pilipinas, Hacking

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.