BSP, banks fortify cyber defense

MANILA, Philippines — The Bangko Sentral ng Pilipinas (BSP) and banks operating in the country continue to strengthen cyber defenses and overall resilience amid the ongoing migration to the metaverse.

BSP Governor Benjamin Diokno said that there is an impending drastic change in the country’s digital ecosystem with the recent developments on an old concept – the metaverse.

PricewaterhouseCoopers describes the metaverse as a three-dimensional digital world where one can purchase and sell goods and services, sign and enforce contracts, recruit and train talent, and interact with customers and communities.

Since the onset of the pandemic two years ago, the BSP chief pointed out that remote work and school arrangements, contactless payments, online market place and blockchain have become commonplace.

As organizations rush to build the metaverse, Diokno warned that cyber threat actors are also devising new tactics for these platforms and exploiting digital currency vulnerabilities to launch attacks on organizations and customers in the metaverse.

“Since the potential of the metaverse is yet to be fully explored and realized, everyone is cautious of the potential threats, particularly on privacy and security. As companies migrate to the metaverse, the BSP will remain vigilant of these developments in this unchartered area of cyberspace,” Diokno said.

The regulator continues to adopt a comprehensive, agile, risk-based, and engaging approach anchored on regulatory approach, proactive monitoring, and promoting resilience through supervisory and oversight activities toward cybersecurity.

Since 2013, the BSP has issued several regulations to address cyber-related risks for BSP-supervised financial institutions (BSFIs), including those dealing with various facets of technology such as social media risk management, business continuity management, multi-factor authentication, cybersecurity, electronic payments and financial services, virtual assets, and open finance.

“We recently released advisories on control measures against cyber fraud and attacks on retail electronic payments and financial services  and security controls for application programming interface. Likewise, we amended our regulations to enhance provisions on fraud management and technology outsourcing,” Diokno said.

According to the BSP, some major industry-wide initiatives to strengthen the industry’s cyber defenses and overall resilience include developing the Financial Services Cyber Resilience Plan that will serve as the primary framework covering strategies and plans to strengthen cyber resilience in the financial services industry, as well as the implementation of the Advanced SupTech Engine for Risk-Based Compliance, or what we call ASTERisC*.

Likewise, the BSP engages with the banking industry through the Bankers Association of the Philippines Cyber Incident Database or BAPCID - a web-based portal and an industry cyberthreat and best practices sharing platform where participants can report incidents and threats anonymously, and receive threat intelligence feeds and threat advisories from the BSP.

Diokno said the BSP is also coordinating with relevant government agencies and industry associations for a joint consumer protection campaign to amplify our messages and raise overall cyber awareness in the country.

“As we explore the opportunities offered by the metaverse, we must remain vigilant and ensure compliance with the standards of cyber security and data privacy consistent with established regulations and best practices,” the BSP chief said.