Singapore continues to be considering new guidelines that may, amongst different issues, direct social media platforms to disable entry to content material they think about dangerous. Nevertheless, it won’t forestall the usage of hyperlinks in SMS or different messaging functions as a result of doing so won’t remove the danger of somebody falling prey to phishing assaults.
The Ministry of Communications and Info (MCI) stated final month that it was engaged on two proposed codes of follow geared toward bettering the security of social media customers within the nation. would require the primary Social media service suppliers To undertake preliminary “system-wide” processes to boost on-line safety for its customers, significantly younger folks.
The second code of follow will allow the Infocomm Media Growth Authority (IMDA) to instruct social media platforms to chop off entry to particular “out of date dangerous content material” that has remained accessible regardless of these operators’ content material moderation regimes. The federal government thought of such content material to incorporate sexual abuse, self-harm, and public safety, in addition to racial or spiritual intolerance.
IMDA’s new implementation framework will present the flexibility to instruct any social media service accessible from Singapore to dam entry to sure kinds of malicious content material or disallow particular on-line accounts to ship such content material or interact customers within the nation.
The ministry indicated that whereas these companies have made efforts to deal with this drawback, it’s involved that the harms will proceed to unfold on the Web and exacerbate when amplified on social media.
The Ministry of Commerce and Trade stated in a written parliamentary response this week that governments all over the world are additionally taking a look at methods to successfully regulate social media companies.
“As with all types of rules, non-compliance ought to lead to enforcement motion. The Ministry of Commerce and Trade has studied related worldwide regulatory kinds and provisions underneath current home legal guidelines. We’ll present particulars of the implementation framework sooner or later,” the ministry stated.
Numerous measures are wanted to mitigate phishing threats
As Singapore considers new social media rules, it has taken extra concrete steps to mitigate the dangers posed by embedded hyperlinks in SMS and different messaging platforms.
The federal government stated in January that it was reviewing the general public sector’s use of SMS textual content messages and clickable hyperlinks in interacting with the general public as a part of anti-phishing efforts. This step got here subsequent Phishing SMS messages involving OCBC Financial institution prospectsThe scammers tampered with SMS sender ID particulars to direct victims to phishing websites, leading to losses of greater than S$8.5 million. Banks had been then instructed to take away hyperlinks from e-mail or SMS messages despatched to shoppers.
In its parliamentary response this week, the Sensible Nation Digital Authorities Group (SNDGG) stated it had evaluated the usage of hyperlinks by authorities businesses and decided that eradicating them in SMS, e-mail or different messaging platforms wouldn’t remove the danger of customers falling prey to phishing makes an attempt.
To raised mitigate such threats, you’ll as a substitute implement detection and prevention measures within the background in addition to enhance consumer consciousness on the right way to shield in opposition to such scams by the usage of hyperlinks.
Detailing the background procedures, the SNDGG stated the federal government will solely use domains ending in “.gov.sg” when sending SMS messages containing hyperlinks. Nevertheless, there have been exceptions the place authorities businesses cooperated with different organizations and different web sites might be used. These web sites can be listed on-line in order that customers can examine unfamiliar web sites earlier than interacting with them.
SNDGG added that the Singapore SMS Sender ID registry was established in March 2022 to dam SMS messages that spoofed sender IDs of goal entities, together with authorities businesses and banks. Up to now, greater than 50 organizations have registered with the registry, with all authorities businesses “stepping up” as properly.
The federal government continues to be assessing whether or not it’s essential to require all customers of alphanumeric sender IDs to take part within the registration.
SNDGG stated carriers are additionally implementing capabilities of their networks to dam fraudulent messages and calls, together with robocalls, and anybody spoofing numbers for native authorities businesses and emergency companies. She added that the federal government has additionally carried out multi-factor authentication – together with the usage of biometrics – on SingPasswhich residents have to entry e-government companies.
Moreover, plans had been underway to launch a WhatsApp channel for the Nationwide Crime Prevention Council within the third quarter. This may allow residents to report suspected fraud sooner and allow the federal government to “crowdsourcing data” and reply to fraudulent web sites and messages, SNDGG stated.
She added that IMDA can be cooperating with the Singapore Police Drive to establish and block suspected fraud websites. About 12,000 suspected rip-off websites had been blocked final yr.
Fallacious configuration is the principle reason for digital banking outage
Scams apart, errors have been the principle purpose for disrupting on-line banking over the previous yr.
4 retail banks – Citibank Singapore, DBS Financial institution, OCBC and United Abroad Financial institution (UOB) – have reported eight outages of their digital banking companies since July 2021. Most of those incidents had been resolved inside three hours, affecting 12,000 prospects in common. Tharman Shanmugaratnam, Singapore’s Prime Minister and Minister accountable for the Financial Authority of Singapore (MAS) in his parliamentary response this week.
Whereas one of many disruptions was associated to an outage at a third-party cloud service supplier, Tharman stated that the banks themselves had been the foundation causes of the incidents. The minister pointed to software program configuration errors, system malfunctions, and errors that appeared whereas banks had been making adjustments to the system.
MAS required all banks to have the ability to restore programs that assist crucial banking companies, comparable to cash transfers and funds, inside 4 hours after any outage. The overall unplanned downtime for every crucial system should not exceed 4 hours throughout any 12-month interval.
Tharman stated MAS will take supervisory motion when banks breach these necessities.
For instance, DBS was instructed to nominate an impartial knowledgeable to conduct a assessment of the financial institution’s service disruption, together with the financial institution’s controls, restoration procedures and preventive measures for comparable incidents sooner or later.
Tharman stated DBS additionally needed to right all deficiencies recognized from the assessment and implement measures to make sure any future disruption to its digital banking companies was promptly and appropriately resolved.
“Current occasions spotlight the necessity for banks to consistently assessment their IT resilience technique and guarantee that there’s adequate redundancy and fault tolerance constructed into their digital banking IT infrastructure,” the minister wrote. “Fast diagnostics and programs restoration, together with strong enterprise continuity administration, are crucial to minimizing the influence of IT disruption.”
He added that MAS launched Enterprise Continuity Administration Pointers which outlined measures that monetary establishments ought to use to keep up crucial enterprise companies and cut back service interruptions. Because the adoption of cloud computing will increase the sector’s publicity to 3rd get together dangers, MAS has additionally highlighted these dangers as a key space for monetary establishments to give attention to in each the BCM Pointers in addition to Expertise Danger Administration Pointers.