The Monetary Authority of Singapore has recently released revised Technology Risk Management (TRM) guidelines to combat the growing threat of cyber risk in the financial sector. The revised TRM guidelines acknowledge that the financial services sector in Singapore is going through a massive digital transformation and that, at the same time, the threat it faces from cyber crime is rising rapidly.
While recommending that every financial institution take cognizance of its risk exposure and evaluate whether its technology framework is adequately equipped to ensure cyber resilience, the MAS TRM guidelines 2021 also include some extremely useful and relevant best practices to ensure that the country’s financial services sector rides the digital wave safely.
Amongst these best practices, section 13.3 of the MAS TRM compliance checklist covers the critical aspect of Cyber Security Assessment. This section presents Cyber Exercises as a vital step towards ensuring the cyber resilience of the business. The TRM guidelines 2021 specifically advise regular scenario-based cyber exercises that validate the organisation’s response and recovery as well as communication plans against cyber threats.
Section 13.3.1 reads: “The FI should carry out regular scenario-based cyber exercises to validate its response and recovery, as well as communication plans against cyber threats. These exercises could include social engineering, table-top, or cyber range exercises.”
Cyber Management Alliance had begun to emphasise the growing importance of Cyber Crisis Tabletop Exercises in early 2020 – before the advent of the COVID-19 pandemic unleashed a series of cyber-attacks and made the importance of such exercises more pronounced than ever.
If you’re interested in knowing more about similar regulations in other leading economies, we have a concise blog on SAMA, QCB & NESA Regulations on Business Continuity Planning, Testing & Cyber tabletop exercises, created for easy reference. We further delve into why our clients who conduct ISO 27001 audits are now including cyber tabletop exercise audits in their audit schedules.
As leaders in delivering scenario-based Cyber Tabletop Exercises, we at Cyber Management Alliance make sure that our workshops truly challenge an organisation to gauge the effectiveness of its incident response plans and to evaluate if all key decision-makers are equipped with the right knowledge and skills to act promptly in case of a crisis.
As per section 13.3.2 of the revised MAS TRM guidelines, “Depending on the exercise objectives, the FI (Financial Institutions) should involve relevant stakeholders, including senior management, business functions, corporate communications, crisis management team, service providers, and technical staff responsible for cyber threat detection, response and recovery.”
At Cyber Management Alliance, we work very closely with our clients to ensure that the scenario that is rehearsed during the exercise is pertinent to the business and that the right stakeholders are invited to participate in the exercise – two important aspects that MAS has specified in its revised Technology Risk Management guidelines 2021.
Some of the other USPs of our Cyber Crisis Tabletop Exercises include:
If you are interested in following the best practices that are highlighted in the revised MAS TRM guidelines and in conducting a cyber exercise that truly tests your best defences and enables you to become more cyber resilient than ever.