Singapore’s central bank launches S$30 million cybersecurity grant for finance sector

The Monetary Authority of Singapore (MAS) announced this week the launch of a S$30 million (US$41 million) Cybersecurity Capabilities Grant to strengthen the cyber resilience of the financial sector in Singapore and help financial institutions develop local talent in cybersecurity.

According to a recent report by AT Kearney, cyber risks could obstruct trust and resilience in the Association of Southeast Asian Nations’ (ASEAN) digital economy and prevent the region from realising its full digital potential.

MAS’ grant, funded under the Financial Sector Technology and Innovation Scheme (FSTI), will support the development of advanced cybersecurity functions (e.g. computer forensics and cyber threat hunting) in Singapore-based financial institutions.

The grant will also encourage Singapore-based banks to upskill their local workforce through cybersecurity-related training programmes. This will help attract more cybersecurity professionals and expand the local talent pool in the financial sector.

“The Singapore financial sector has made significant progress in recent years in building up cyber resilience and managing cyber risk,” said Tan Yeow Seng, Chief Cyber Security Officer at MAS. “But the cyber threat landscape continues to evolve and we have to constantly strengthen our cyber capabilities. The Cybersecurity Capabilities Grant will support financial institutions in advancing their cybersecurity technology and manpower needs.”

Guidelines for “cybersecurity exercises”

In November, the Association of Banks in Singapore (ABS) announced that, together with MAS, it had developed a set of cybersecurity assessment guidelines to strengthen the cyber resilience of the financial sector in Singapore.

Known as the Adversarial Attack Simulation Exercises (AASE) or “Red Teaming” guidelines, these instructions provide financial institutions with best practices and advice on planning and conducting Red Teaming exercises to enhance their security testing.

A Red Team or Attacker is an individual or a team who is hired by an organisation to simulate a real cyber attack.

The AASE test consists of simulated cyber attacks using tactics, tecniques and procedures that are commonly used by hackers. The exercise is carried out in the banks actual operating environment, allowing them to identify gaps in the staff, processes and technologies.

“The Adversarial Attack Simulation Exercises closely mimic the modus operandi of cyber criminals in targeting the actual operating environments of financial institutions. This makes it an effective way of assessing the cyber resilience of financial institutions. MAS welcomes the close partnership with the industry to co-create these guidelines to enhance the robustness of cybersecurity standards in the financial sector. We congratulate ABS on the launch of the Guidelines.”