The Association of Banks in Singapore, with support from the Monetary Authority of Singapore, has developed a set of cybersecurity guidelines to strengthen the cyber resilience of the sector.
Known as the Adversarial Attack Simulation Exercises (AASE) Guidelines or «Red Teaming» Guidelines, they provide financial institutions (FIs) with best practices and guidance on planning and conducting exercises to enhance their security testing.
AASE is a form of cybersecurity assessment designed to test the robustness of FIs’ cyber defences through a simulated cyber-attack using tactics, techniques and procedures that are commonly employed by threat actors, the Association of Banks in Singapore (ABS) said in a statement on Wednesday.
Simulating Realistic Attacks
«We hope that the AASE guidelines will complement the FIs’ existing cybersecurity testing programmes and further strengthen their ability to assess the effectiveness of their cybersecurity measures to detect and respond to very sophisticated incidents,» Ong-Ang Ai Boon, Director of ABS, said.
By simulating realistic attacks during the exercise and taking into consideration the relevant threat landscape and potential adversaries, the following benefits can be achieved:
- An assessment of an FI’s cyber resilience against adversarial attack techniques, tactics and procedures
- Identification of weaknesses in security controls and associated risks not detected by standard vulnerability and security testing methodologies
- An assessment of the FI’s security incident management and/or crisis management response and processes
- A safe, controlled opportunity to identify and enhance the security posture of an FI whilst reducing the risk of cyber breach or compromise
- An opportunity for the defensive teams, such as the security monitoring or incident response team, to gain experience and be more proficient in detecting and responding to incidents
- Improved confidence in formalising an informed post-activity short, medium and long-term security strategy
Modus Operandi
«The AASE closely mimic the modus operandi of cyber criminals in targeting the actual operating environments of financial institutions. This makes it an effective way of assessing the cyber resilience of financial institutions,» Tan Yeow Seng, Chief Cyber Security Officer, MAS, said.