1. What is a penetration test?
Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
2. Why are financial institutions exposed to cyber-attacks?
Financial institutions (FIs) are increasingly relying on the internet to manage their operations and to deliver greater convenience and efficiency to their customers.
3. Why are penetration tests important for financial institutions?
Greater internet usage increases their exposure to cyber-attacks. This makes FIs today more vulnerable to security breaches such as unauthorised system access, data theft, system outages and website defacement.
4. What measures do the MAS Technology Risk Management Guidelines recommend for financial institutions' security?
1. Vulnerability Assessments: FIs should continuously monitor for emergent security exploits, and perform regular vulnerability assessments of their IT systems against common and emergent threats;
2. Penetration Testing: FIs should perform penetration tests at least annually on their internet-facing systems; and
3. Timely Remediation: FIs should establish a process to effectively remedy issues identified from the vulnerability assessments and penetration testing in a timely manner.
5. Why should outsourced activities also be protected?
Where an outsourcing arrangement involves the handling of sensitive customer data by the service provider, FIs shall ensure that the data is accorded the same level of protection as if it is processed in-house. Where applicable, stringent requirements for regular vulnerability assessments and penetration testing must be applied to the service providers’ environment.