The guideline developed by the Association of Banks in Singapore is known as the Adversarial Attack Simulation Exercises (AASE)
MWR InfoSecurity, a cybersecurity consultancy, made headline after it praised Singapore for the development of security assessment guidelines called the Adversarial Attack Simulation Exercises (AASE).
AASE is a form of cyber security assessment designed to test the robustness of financial institutions’ cyber defenses. The system applies a simulated cyber-attack using tactics, techniques, and procedures that are commonly employed by threat actors.
Another moniker of the guidelines is “Red Teaming”, developed by the Association of Banks in Singapore (ABS), supported by the Monetary Authority of Singapore (MAS).
Also Read: Korea’s Viva Republica raises US$80M to expand in Southeast Asia
These guidelines are said to be aimed at strengthening the cyber resilience of the country’s financial sector. It will allow financial institutions to identify gaps in their people, processes and technologies.
“Cybersecurity attacks against financial institutions are evolving in scope, complexity and sophistication. Financial institutions are already deploying layers of defensive two measures, solutions, and controls to reduce their exposure to attacks and improve their response readiness, and AASE guidelines shall complement these institutions’ existing testing programmes” said Ong–Ang Ai Boon, director of ABS.
Benjamin Harris, technical director, MWR InfoSecurity said that both ABS and MAS has successfully set highly relevant guidelines considering cybercriminals are operating on unprecedented scales targeting organisations of all sizes.
“From state-sponsored adversaries attempting significant thefts from central banks to numerous complex and aggressive attacks on various global banks, the threat landscape continues to evolve in both sophistication and audacity,” said Harris.
Founded in 2003, MWR InfoSecurity provides advice and solutions in all areas of security, from professional and managed services to developing commercial and open source security tools.
AASE, said Harris, has the edge because it employs a holistic approach when compared to traditional penetration testing exercises.
“Where penetration testing focuses on validating technical controls or identifying technical weaknesses in specific assets, AASE place emphasis on the target organisation’s ability to prevent, detect, and respond to adversaries targeting critical functions, across multiple technical and non-technical domains,” said Harris.
Also Read: Grab launches R&D centre in Malaysia
AASE’s capabilities make it a complementary to the organisation’s defensive capabilities, and will ultimately lead to identifying areas for enhancement and strengthening.
“These guidelines will further contribute to the enhancement of security and operational integrity of the financial sector in Singapore, cementing Singapore’s position as a leading financial hub within the Asia-Pacific region and throughout the world,” closed Harris.
–
Image Credit: MWR InfoSecurity
The post Singapore’s financial sector cyber security guidelines have received praise appeared first on e27.