Reinforcing the Cybersecurity Landscape for the Banking Industry
In favour of convenience, today's society is choosing digital over conventional, and this extends to almost every aspect of life where possible. Thus, the banking, transaction and financial industries are firming up their cybersecurity to ensure the safety and security of consumers and banks. In 2016, the Hong Kong Monetary Authority (HKMA) introduced the Cybersecurity Fortification Initiative (CFI) to improve the cyber resilience of Hong Kong's banking system. The initiative rests on three significant aspects, namely the Cyber Resilience Assessment Framework (C-RAF), the Professional Development Programme (PDP) and the Cyber Intelligence Sharing Platform (CISP). Since then, banks have shown generous support for the CFI, as the banking industry is the most vulnerable to cyber-attacks. This led to the recent launch of the Cybersecurity Fortification Initiative 2.0.
Although the first CFI successfully helped banks manage cyber resilience, cybersecurity attacks remain a significant concern as technology develops faster every minute. The Cybersecurity Fortification Initiative 2.0 retains the three pillars, now with enhanced features. The initiative's upgrade is in line with the industry's concerns. The HKMA concluded a thorough review of the CFI through extensive market studies, interviews and surveys. A lengthy industry consultation followed.
Support From Banks
After the consultation, the banking industry primarily demonstrated immense support for the CFI. Almost all of the banks preferred the C-RAF, as it helps to identify previously unrecognised gaps. Back in the conventional banking days, banks were susceptible to physical robberies. As we move into the digital age, banks can become sitting ducks if they are not prepared for cyber attacks. With more consumers opting for digital and online banking as well as transactions, every bank will need to accommodate that demand. Thus, in preparation for cyberattacks, all the banks in the Hong Kong banking industry favour the Intelligence-led Cyber Attack Simulation Testing (iCAST).
Reflecting Latest Practices
Following the review, the Cybersecurity Fortification Initiative 2.0 comes with enhanced features such as a streamlined cyber resilience assessment process. It is also essential to maintain practical control standards that match the latest technology trends, especially concerning overseas cyber practices. With the CFI 2.0 in place, the Professional Development Programme has expanded its certification list to include equivalent qualifications in major overseas jurisdictions. It is also hoped that the enhancements in the PDP will facilitate the development of the local talent pool.
Implementation in Phases
Although the Cybersecurity Fortification Initiative 2.0 will take effect on 1st January 2021, the HKMA will carry out the implementation in phases. Most major retail banks, selected foreign bank branches and new authorised institutions which have never taken the C-RAF assessments will be the first group to partake in the CFI 2.0 implementation. The rest of the banks in Hong Kong will be in the second and third groups, based on their scale of operations and cyber risk profiles. The HKMA will inform authorised institutions individually of their respective groups.