Story image

Bangko Sentral Ng Pilipinas reveals renewed focus on cybersecurity

07 Nov 2017

The Bangko Sentral Ng Pilipinas (BSP) has renewed its guidelines on information security management with a renewed focus on cybersecurity.

Its Monetary Board recently approved pioneering guidelines with the new focus in order to address growing concerns about cyber threats that affect both domestic and global financial communities.

The amendments are part of the company’s Strategic Roadmap on cybersecurity.

The BSP says many security research reports show that global cybercrime losses will increase ‘exponentially’ and the financial services industry will continue to be a prime target.

It warns that without proper management, Bangko Sentral supervised financial institutions (BSFIs) may result in “legal, reputational and systemic risks”.

The amendments to BSP guidelines include a stronger role for BSFI’s Board and senior management. They will be responsible for spearheading sound information security governance and strong security culture within their respective networks.

BSFIs will also mandated to manage information security risks and exposure ‘within acceptable levels’ through people, policies, processes and technologies. They will be required to follow the continuous cycle of ‘identify, prevent, detect, respond, recover and test’.

They are also encouraged to include cyber resilience elements such as participation in information sharing and collaboration, enhance situational awareness capabilities and adopt advanced cybersecurity controls and countermeasures.

The BSP suggests that 24/7 security operations centers (SOCs), which are equipped with advanced technologies and controlled by analysts who can monitor emerging and sophisticated cyber attacks.

“The new guidelines recognize that BSFIs are at varying levels of cyber-maturity and cyber-risk exposures which may render certain requirements restrictive and costly vis-à-vis expected benefits,” BSP states.

“Thus, the IT profile classification has been expanded from two (2) to three (3), namely: “Complex”, “Moderate” and “Simple” to provide greater flexibility in complying with the requirements.  BSFIs with complex IT profile classification would warrant adoption of advanced cybersecurity tools and processes such as the setting up of an SOC.”

BSP acknowledges that its Strategic Roadmap on cybersecurity must balance the promotion of innovation and cyber risk management..

“The new guidelines, one of the first in Southeast Asia, cover a holistic framework on information security risk management (ISRM) as an integral part of the BSFIs’ information security program, enterprise risk management system and governance mechanisms.  The new Circular incorporates, to the extent possible, key principles and concepts from leading standards, technology frameworks and global best practices on information security,” BSP concludes.

BFSIs have one year to comply with the provisions. Action plans and timelines will be made available on request from December 2017.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.