Bangko Sentral Ng Pilipinas reveals renewed focus on cybersecurity

07 Nov 2017

The Bangko Sentral Ng Pilipinas (BSP) has renewed its guidelines on information security management with a renewed focus on cybersecurity.

Its Monetary Board recently approved pioneering guidelines with the new focus in order to address growing concerns about cyber threats that affect both domestic and global financial communities.

The amendments are part of the BSP’s Strategic Roadmap on cybersecurity.

The BSP says many security research reports show that global cybercrime losses will increase ‘exponentially’ and the financial services industry will continue to be a prime target.

It warns that, without proper management, Bangko Sentral supervised financial institutions (BSFIs) may face “legal, reputational and systemic risks”.

The amendments to BSP guidelines include a stronger role for BSFIs’ Boards and senior management. They will be responsible for spearheading sound information security governance and a strong security culture within their respective networks.

BSFIs will also be mandated to manage information security risks and exposure ‘within acceptable levels’ through people, policies, processes and technologies. They will be required to follow the continuous cycle of ‘identify, prevent, detect, respond, recover and test’.

They are also encouraged to include cyber resilience elements such as participating in information sharing and collaboration, enhancing situational awareness capabilities and adopting advanced cybersecurity controls and countermeasures.

The BSP suggests 24/7 security operations centers (SOCs) that are equipped with advanced technologies and controlled by analysts who can monitor emerging and sophisticated cyber attacks.

“The new guidelines recognize that BSFIs are at varying levels of cyber-maturity and cyber-risk exposures which may render certain requirements restrictive and costly vis-à-vis expected benefits,” BSP states.

“Thus, the IT profile classification has been expanded from two (2) to three (3), namely: “Complex”, “Moderate” and “Simple” to provide greater flexibility in complying with the requirements.  BSFIs with complex IT profile classification would warrant adoption of advanced cybersecurity tools and processes such as the setting up of an SOC.”

BSP acknowledges that its Strategic Roadmap on cybersecurity must balance the promotion of innovation and cyber risk management.

“The new guidelines, one of the first in Southeast Asia, cover a holistic framework on information security risk management (ISRM) as an integral part of the BSFIs’ information security program, enterprise risk management system and governance mechanisms.  The new Circular incorporates, to the extent possible, key principles and concepts from leading standards, technology frameworks and global best practices on information security,” BSP concludes.

BSFIs have one year to comply with the provisions. Action plans and timelines will be made available on request from December 2017.