LRQA Nettitude Blog

By Stuart Wright | Global Head of Compliance and Risk at Nettitude

Employee awareness of common security threats is a crucial line of defence when protecting your organisation from attacks. Within the retail sector, this is especially important as any security compromise could expose the payment details of thousands of customers.

For this reason, it is essential that retailers have a solid PCI DSS employee training programme in place that ensures employees know what best practice to follow to help prevent data leaks or cyber-attacks. But what should your training program look like? In this blog, we’ll try to shed some light on this and give some practical tips on how to approach this requirement.

By Matthew Gould

As our world advances, so does technology and the demand for easier access to the services we use and depend upon throughout our daily lives. Services that are provided by you as an organisation, whom your clients put their trust in to ensure their personal and financial data is protected. Along with the ever-changing technical landscape comes the inevitable race organisations are faced with to remain up-to-date and secure. As systems increase in size and complexity, so does the strain on resources and the ability to effectively safeguard your systems and the sensitive assets they retain.

By Tim Percival - VP of Cyber, APAC & Anthony Long - Managing Principal Security Consultant

This month, the Saudi Arabia central bank has announced plans to incorporate open banking into their financial infrastructure. This move is set bring about many new opportunities as the Kingdom changes direction from their usual path of stability. The new plans will enable increased data-sharing, allowing customers and businesses to have more control over their finances and access bespoke financial services. 

With Singapore having already began to adopt open banking technology around 2016, it’s clear that Asia’s financial market is wasting no time when it comes to the latest technological advancements. Yet, with this adoption comes increased cyber-risks, rendering regulatory authorities all the more critical in stabilising the market.

In part four of the ‘Global Regulatory Frameworks Compared series, we’ll look at AASE – the cybersecurity guidelines created for the Singapore market by ABS (The Association of Banks in Singapore).

By Tim Percival | VP of Cyber, APAC

After the recent cyber-attack on SolarWinds that exposed thousands of businesses across the world, the Singapore Monetary Authority (MAS) have stepped up measures to protect businesses in Singapore.

The new measures, which effect all financial services and e-payment firms, came into effect on Monday the 18th of January and introduce a new set of central banking rules to better mitigate technology risks. MAS have been actively working on the strengthening of cybersecurity standards for some time now, with measures including updating the MAS TRM guidelines. However, the recent breach of SolarWinds has meant that there’s new focus on implementing hardened cybersecurity measures with more emphasis on third party vendors.

By Nettitude

Happy New Year to all of our readers of the Global Regulatory Frameworks Compared Series! As a recap, in recent months, we have been taking a deep dive into the different regulatory bodies that govern the cybersecurity requirements of the Financial Sector. One of the key issues we’ve covered is the misalignment of cybersecurity standards across the board, which in turn led to the introduction of a pan-European framework that could be leveraged across the whole of the Eurozone – TIBER EU.

While the UK and Europe have a fairly coordinated approach with the CBEST and TIBER Frameworks, Asia has a slightly different approach. In part 4 of this series, we’ll be taking a look at the iCAST Framework, governed by the Hong Kong Monetary Authority (HKMA).