Philippine banks remain relatively safe from serious cybersecurity threats but monetary authorities aren’t letting up on efforts to improve industry vigilance, the chief of the Bangko Sentral ng Pilipinas (BSP) said.
“We are not seeing or we are not in the seat of serious [attacks],” central bank Governor Nestor Espenilla Jr. told reporters.
“[E]very day banks, even the BSP, are being attacked. But it’s also reflective of the quality of cybersecurity that these [attacks]are now being routinely repelled,” he added.
Espenilla nevertheless said monetary authorities could not be too cautious given the rising sophistication of cyberattacks.
“That is why we always raise the level of vigilance of the whole industry,” he said.
The Bangko Sentral chief that soon-to-be-issued regulations would clarify expectations on the role of banks’ boards and senior management with regard to security risk management.
“This one actually strengthens the message that the board … should pay attention to cybersecurity because in our observation … [this]is left to the attention of technologists or [those]lower in the organization,” he said.
As cybersecurity is normally not embraced as part of a bank’s business strategy, Espenilla pointed out that management may not invest enough resources in this area.
Besides rules involving top management, the BSP chief added that monetary authorities would also be issuing prescriptive measures detailing cybersecurity expectations as well as adopt prevailing international standards.
Banks are also being rated by the Bangko Sentral in terms of the strength of their cybersecurity systems as well as their risk management frameworks, he added.
“They get grades from the BSP. And depending on the grade, there is an established process where we deploy enforcement action all the way from corrective action for the worst cases to no action,” he said.
Earlier this year, two of the country’s biggest banks were hit by glitches that affected depositors.
In June, Bank of the Philippine Islands was forced to temporarily take down its electronic banking channels after a system glitch — later attributed to human error — resulted in account mispostings.
The same month also saw Security Bank reporting transaction posting delays, which prompted the lender to extend banking hours.
Banco de Oro clients were also hit by skimming attacks and the bank admitted that some of its automated teller machines had been “compromised”.
Courtesy: The Manila Times | BY MAYVELIN U. CARABALLO, TMT ON