
Bangko Sentral Ng Pilipinas reveals renewed focus on cybersecurity

07 Nov 17

The Bangko Sentral Ng Pilipinas (BSP) has renewed its guidelines on information security management with a renewed focus on cybersecurity.

Its Monetary Board recently approved pioneering guidelines with the new focus in order to address growing concerns about cyber threats that affect both domestic and global financial communities.

The amendments are part of the BSP’s Strategic Roadmap on cybersecurity.

The BSP says many security research reports show that global cybercrime losses will increase ‘exponentially’ and the financial services industry will continue to be a prime target.

It warns that without proper management, Bangko Sentral supervised financial institutions (BSFIs) may face “legal, reputational and systemic risks”.

The amendments to BSP guidelines include a stronger role for BSFIs’ Board and senior management. They will be responsible for spearheading sound information security governance and a strong security culture within their respective networks.

BSFIs will also be mandated to manage information security risks and exposure ‘within acceptable levels’ through people, policies, processes and technologies. They will be required to follow the continuous cycle of ‘identify, prevent, detect, respond, recover and test’.

They are also encouraged to include cyber resilience elements such as participating in information sharing and collaboration, enhancing situational awareness capabilities and adopting advanced cybersecurity controls and countermeasures.

The BSP suggests 24/7 security operations centers (SOCs) that are equipped with advanced technologies and controlled by analysts who can monitor emerging and sophisticated cyber attacks.

“The new guidelines recognize that BSFIs are at varying levels of cyber-maturity and cyber-risk exposures which may render certain requirements restrictive and costly vis-à-vis expected benefits,” BSP states.

“Thus, the IT profile classification has been expanded from two (2) to three (3), namely: “Complex”, “Moderate” and “Simple” to provide greater flexibility in complying with the requirements.  BSFIs with complex IT profile classification would warrant adoption of advanced cybersecurity tools and processes such as the setting up of an SOC.”

BSP acknowledges that its Strategic Roadmap on cybersecurity must balance the promotion of innovation and cyber risk management.

“The new guidelines, one of the first in Southeast Asia, cover a holistic framework on information security risk management (ISRM) as an integral part of the BSFIs’ information security program, enterprise risk management system and governance mechanisms.  The new Circular incorporates, to the extent possible, key principles and concepts from leading standards, technology frameworks and global best practices on information security,” BSP concludes.

BSFIs have one year to comply with the provisions. Action plans and timelines will be made available on request from December 2017.
