Singapore is still working on new rules, among them, that will instruct social media platforms to disable access to content they deem harmful. However, it will not prohibit the use of hyperlinks in SMS or other messaging apps because doing so will not eliminate the risk of someone falling prey to phishing attacks.
The Ministry of Communications and Information (MCI) last month said it was working on two proposed Codes of Practice aimed at improving the safety of social media users in the country. First will ask social media service providers adopt “system-wide” upstream processes to enhance online safety for their users, especially young people.
The second code of practice would empower industry regulator Infocomm Media Development Authority (IMDA) to instruct social media platforms to cut off access to specific “severely harmful content” that persists. despite these operators’ content censorship systems. The government considers such content to include sexual abuse, self-harm, public safety, as well as racial or religious intolerance.
The new enforcement framework will give IMDA the power to direct any social media service accessible from Singapore to block access to specific types of harmful content or disallow accounts. particular online that conveys that content or attracts domestic users.
The department noted that while such services have made efforts to address this, it is concerned that online harms continue to pervade and that these harms are compounded when amplified on media. social media.
The MCI said in a written response to parliament this week that governments around the world are also looking to effectively regulate social media services.
“As with all forms of regulation, non-compliance must lead to enforcement actions. MCI has studied relevant international regulatory patterns and provisions under applicable local law. I will provide details of the enforcement framework in due course,” the ministry said.
Various measures needed to mitigate phishing threats
While considering new regulations for social networks, Singapore has taken more specific steps to reduce the risk posed by hyperlinks embedded in SMS and other messaging platforms.
The government in January said it was looking into the public sector’s use of SMS and clickable links in interacting with the public as part of efforts to combat phishing schemes. The move to later SMS scam involving OCBC Bank customers, where scammers manipulated SMS sender ID details to direct victims to online scam websites, resulting in more than S$8.5 million in losses. Banks were then instructed to remove the hyperlinks from emails or SMS messages sent to consumers.
In a response to parliament this week, the Smart National Digital Government Group (SNDGG) said it had assessed the use of links by government agencies and determined that removing them in SMS , email or other messaging platforms will not eliminate the risk of users falling prey to phishing attempts.
To better mitigate such threats, it will instead implement detection and prevention measures on the backend and raise user awareness on how to protect against phishing scams. Such fraud continues through the use of hyperlinks.
Building on ancillary measures, SNDGG said the government will only use domain names ending in “.gov.sg” when sending linked SMS messages. However, there are exceptions where government agencies cooperate with other organizations and other websites may be used. Such sites will be listed online so that users can check for unfamiliar sites before interacting with them.
SNDGG added that the Singapore SMS Sender ID Registry was established in March 2022 to intercept SMS messages that spoof the sender IDs of targeted entities, including government agencies. and bank. To date, more than 50 organizations have registered the registry, with all government agencies also “joining”.
The government is still evaluating whether it is necessary to require all alphanumeric sender ID users to participate in the register.
Telecommunications companies are also deploying capabilities within their networks to block fraudulent messages and calls, including robot calls and anyone spoofing the numbers of local government agencies and emergency services, SNDGG said. It added that the government is also rolling out multi-factor authentication – including the use of biometrics – on SingPassresidents needed to access e-government services.
In addition, plans are underway to launch a WhatsApp channel for the National Crime Prevention Council in the third quarter. This will allow citizens to more quickly report suspected scams and allow the government to “collect information” and respond to phishing websites and messages, SNDGG said.
It added that IMDA is also working with the Singapore Police Force to identify and block suspected fraudulent websites. About 12,000 suspected phishing sites were blocked last year.
Misconfiguration is the main cause of digital banking service disruption
Scams aside, bugs have been a major cause of disruption to online banking services over the past year.
Four retail banks – Citibank Singapore, DBS Bank, OCBC and United Overseas Bank (UOB) – reported eight disruptions to their digital banking services since July 2021. Most were resolved within Within three hours, the outage affected an average of 12,000 customers. Tharman Shanmugaratnam, Senior Minister of Singapore and Minister in charge of the Monetary Authority of Singapore (MAS) in his parliamentary reply this week.
Longest intermittent, lasted 39 hoursrelated to DBS last November, later attributed to a malfunction of bank’s access control server.
While one outage involved an outage at a third-party cloud provider, Tharman said it was the banks themselves that were mostly the root cause of these problems. The minister pointed to software misconfigurations, system glitches and errors introduced when banks made system changes.
The MAS requires all banks to be able to restore systems that support critical banking services, such as remittances and payments, within four hours of any disruption. The total unscheduled downtime for each critical system should also not exceed four hours in any 12-month period.
Tharman said the MAS would take supervisory action when banks breach these requirements.
For example, DBS has been directed to invite an independent expert to conduct a review of the bank’s service disruption, including the bank’s recovery and control measures as well as the precautions for such events. similar efforts in the future.
Tharman said DBS also had to fix all deficiencies identified during the review and take measures to ensure any future disruption to technical banking services. Your number is resolved quickly and satisfactorily.
“Recent incidents highlight the need for banks to continually review their IT recovery strategy and ensure that there is sufficient redundancy and fault tolerance built into their infrastructure,” the minister wrote. their digital banking IT infrastructure”. “Rapid system diagnostics and recovery, coupled with strong business continuity management, is critical in mitigating the impact of IT disruptions.”
He added that MAS introduced business continuity management guide that the measures outlined should be taken by financial institutions to maintain business-critical services and minimize service disruptions. With cloud adoption increasing the industry’s exposure to third-party risks, MAS has also highlighted those risks as a key area that financial institutions need to focus on both. BCM instructions as well as technology risk management guide.
RELATED INSURANCE
