KUALA LUMPUR, March 30 — Bank Negara Malaysia (BNM) has remained vigilant against possible disruptions arising from cyber-related incidents, taking an “assumed breach” position in assessing its resilience against cyber-attacks.
In its Annual Report 2021 released today, the central bank said this is where it operates under the assumption that a breach is inevitable or has likely already occurred.
“In light of this new approach, BNM has continuously enhanced its response and recovery capabilities, and identified risks are also managed proactively with strong oversight and support from the management.
“The bank also conducted cyber drill exercises in December 2021 and enhanced cyber hygiene to strengthen the awareness and preparedness of staff in dealing with cyber security incidents,” it said.
BNM said controls were also put in place to mitigate risks related to remote working, as well as emerging threats such as ransomware and third-party security risks.
During the pandemic, the central bank had continued to implement measures to minimise disruption to its critical operations, ensure staff safety and wellbeing, and manage vulnerabilities posed by hybrid working arrangements.
“On the policy-making front, the bank engaged extensively with stakeholders from different segments of society, particularly the affected parties.
“The aim is to assist the bank’s stakeholders and the public in understanding BNM’s policy measures, as well as obtaining feedback on such measures,” it said.
The move has helped to enhance the effectiveness of measures implemented, particularly in supporting households and businesses experiencing temporary financial difficulties while managing longer-term risks, added BNM.
To manage financial risk, the bank monitored the market, liquidity and credit risk exposures, and has risk limits and controls in place.
“The bank’s investments of the international reserves’ portfolio are driven by a board-approved investment benchmark that sets the appetite for long-term risk and returns, and any deviation from the benchmark is controlled using risk limits, clearly defined decision authorities and investment guidelines.
“To manage non-financial risks, BNM identifies and proactively monitors risks through leading and lagging key risk indicators, including information technology, cybersecurity, people, legal, business disruption and physical security risks which are transversal in nature,” it added.
— Bernama
