Due to the ongoing increase of cyber incidents and observed attack patterns, the MFSA notes that financial institutions may be the target of malicious attack campaigns.
These attacks target systems which are inadequately maintained and patched in the case of institutions where proper cyber security awareness is often absent. A proper cyber security implementation plan would include the following actions:
- Regular vulnerability assessment tests on internal and external side of the infrastructure
- Systems that are properly maintained and updated with latest security patches
- Cyber security awareness (and training) for users
- Monitoring email and web traffic for phishing and enforcement of blocking rules on offending traffic
- Infrastructure-wide monitoring to ensure no illegitimate activity is underway.
The MFSA is committed to assist any institutions that require support, and would recommend the sharing of any relevant information to ensure that the interests of the institutions and the country are protected. The MFSA notes that a cyber incident may be reported at various stages, even when complete information may not be available.
In this respect, the MFSA is expecting licence holders to report material cyber incidents to the MFSA within 4 hours.
Reporting of cyber incidents can be done by sending the respective Cyber Incident Notification Form to email@example.com.
Should you need any form assistance with regards to these kind of incidents, please do not hesitate to contact us. We can also assist you in strengthening your defenses and creating proactive cyber security awareness in your organisation.