BSP issues new rules to combat cyber threats | Inquirer Business

BSP issues new rules to combat cyber threats

By: - Reporter / @bendeveraINQ
/ 08:57 AM November 06, 2017

Bangko Sentral ng Pilipinas. INQUIRER.net FILE PHOTO

Amid increasing risks from cyberattacks, the Bangko Sentral ng Pilipinas (BSP) issued stricter rules, among the first of its kind in the Asean, aimed at protecting financial institutions 24/7.

In a statement Saturday, the BSP said the Monetary Board, its highest policymaking body, last week “approved pioneering guidelines on information security management that place a renewed focus on cybersecurity.

Article continues after this advertisement

The new guidelines are needed to “address the growing concerns on the fast-evolving cyber-threats that continue to confront global as well as domestic financial communities,” it added.

FEATURED STORIES

Cyberattacks like hacking put not only sensitive information but also huge sums of money at risk. The hacking of the Bangladeshi central bank’s account from the Federal Reserve Bank of New York in February last year led to the laundering of  $81 million in stolen money in Philippine casinos after entering the country through the financial system.

According to the BSP, the amended rules “highlight the role of the BSP-supervised financial institutions’ (BSFIs) board and senior management in spearheading sound information security governance and strong security culture within their respective networks.”

Article continues after this advertisement

Also, “BSFIs are mandated to manage information security risks and exposures within acceptable levels through a dynamic interplay of people, policies, processes and technologies following a continuing cycle (such as identify, prevent, detect, respond, recover and test phases),” the BSP added.

Article continues after this advertisement

Specifically, the new guidelines also cover “key elements of cyber-resilience such as participation in information sharing and collaboration fora, enhancing situational awareness capabilities, as well as adoption of advanced cybersecurity controls and countermeasures,” according to the BSP.

Article continues after this advertisement

“A good example is the requirement to set-up a 24 by 7 security operations center (SOC) equipped with advanced technologies and manned by competent analysts to proactively monitor emerging and highly sophisticated cyber-threats and attacks,” it said.

Acknowledging that BSFIs were “at varying levels of cyber-maturity and cyber-risk exposures, which may render certain requirements restrictive and costly vis-à-vis expected benefits,” the BSP expanded the IT profile classification from two previously to three—“complex”, “moderate” and “simple.”

Article continues after this advertisement

“BSFIs with ‘complex’ IT profile classification would warrant adoption of advanced cybersecurity tools and processes such as the setting up of an SOC,” the BSP said.

As the stricter regulations were a “critical component” of its strategic roadmap on cybersecurity, the BSP said “BSFIs are given one year from the effectivity date to fully comply with the provisions.”

“Further, plan of actions with specific timelines, as well as the status of initiatives being undertaken to achieve full compliance, should be readily available upon request starting December 2017,” it added.

“Considering the need to strike the right balance between promoting innovation and managing cyber-related risks, the new guidelines, one of the first in Southeast Asia, cover a holistic framework on information security risk management (ISRM) as an integral part of the BSFIs’ information security program, enterprise risk management system and governance mechanisms,” the BSP said, adding that the circular to be issued covering the new regulation “incorporates, to the extent possible, key principles and concepts from leading standards, technology frameworks and global best practices on information security.”

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

“The cyber-threat landscape has continuously evolved with more threats surfacing in the cyber realm in an increasingly complex and sophisticated fashion. Various researches and publications projected global cybercrime losses to increase exponentially with the financial services industry remaining to be a prime target across all industries. If not properly managed, cyber-threats and attacks launched against BSFIs may result in operational, legal, reputational, and systemic risks,” the BSP noted. /cbb

TAGS: ASEAN, Bangko Sentral ng Pilipinas, BSP, Business, cyber threats, Cyberattacks, cybersecurity, Hacking, monetary board

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.