BSP hastens setting up cybersecurity measures

CEBU, Philippines — The Bangko Sentral ng Pilipinas has sought to step up information security management in the financial industry to fight against cybersecurity.

"In order to promote cyber resilience of the entire banking industry, the Monetary Board (MB) recently approved pioneering guidelines on information security management that place a renewed focus on cybersecurity," the central bank said in a statement.

The BSP this seeks to address the growing concerns on the fast-evolving cyber-threats that continue to confront global as well as domestic financial communities.

"The cyber-threat landscape has continuously evolved with more threats surfacing in the cyber realm in an increasingly complex and sophisticated fashion," the bank regulator said.

Various researches and publications projected global cybercrime losses to increase exponentially with the financial services industry remaining to be a prime target across all industries.

If not properly managed, cyber-threats and attacks may result in operational, legal, reputational and systemic risks among banks and financial firms.

The amendments highlight the role of the companies' board and senior management in leading sound information security governance and strong security culture within their respective networks.

Banks are mandated to manage information security risks and exposures within acceptable levels through a dynamic interplay of people, policies, processes, and technologies following a continuing cycle (i.e. identify, prevent, detect, respond, recover and test phases).

The BSP also highlights the key elements of cyber resilience such as participation in information sharing and collaboration fora, enhancing situational awareness capabilities as well as adoption of advanced cybersecurity controls and countermeasures. A good example is the requirement to set-up a 24 by 7 security operations center (SOC) equipped with advanced technologies and manned by competent analysts to proactively monitor emerging and highly sophisticated cyber-threats and attacks.

"While not a silver bullet, the new regulation serves as one of the critical components in BSP’s Strategic Roadmap on cybersecurity," the central bank noted.

Considering the need to strike the right balance between promoting innovation and managing cyber-related risks, the new guidelines, one of the first in Southeast Asia, cover a holistic framework on information security risk management (ISRM) as an integral part of financial firms' information security program, enterprise risk management system and governance mechanisms.

Financial firms supervised by BSP are given one year from the effectivity date of the Circular to fully comply with the provisions therewith.

Further, plan of actions with specific timelines, as well as the status of initiatives being undertaken to achieve full compliance, should be readily available upon request starting next month.  (FREEMAN)