Published by the MFSA – 18th May 2019
As the digital threat landscape continues to evolve, companies need to realise the ever-increasing need for proper cybersecurity. But cybersecurity is a complicated subject and most small companies do not have the financial leeway or the in-house expertise to properly prepare for a cyber incident. To guide companies in this endeavour, the Malta Financial Services Authority (MFSA) has published the Guidance Notes on Cybersecurity paper.
In these Guidance Notes the MFSA has placed great emphasis on Organisational Governance specifically tailored for companies operating in the Blockchain or DLT (Distributed Ledger Technology) arena dealing with cryptocurrencies. However, in our view, it can be markedly useful for other businesses as well. If you are interested on how these may apply to your company profile, we at D4n6 can advise you and tailor solutions to your needs.
Let’s have a look at the key points the Guidance covers. Note that these are just a snippet and we recommend you read the full Guidelines or ask for our assistance.
- Businesses should designate a Security Officer, Chief Security Officer, Chief Information Security Officer or any other designation (the ‘CISO’) with the responsibilities as of the following:
- Integrating a Cybersecurity Framework;
- Advise Management and keep the company up to speed on Cyber Defence;
- Define Policies and Standards;
- Develop Metrics and Monitoring;
- Initiate Cyber Exercises, Promote and Execute Security Awareness;
- The company should establish an internationally recognised Cybersecurity Framework (‘CSF’) and act as per international Standards such as NIST, ISO/IEC 27000 family COBIT 5 etc.
- The business should have prompt Data Management practices with Data Classification, User Access Control, Data Entry Access, Due Diligence and Activity Monitoring.
- A Threat Management and Incident Management, Response plan and exercise should be led by the CISO to identify Threat Areas and make necessary remediations and planning.
- Businesses should have a Cybersecurity Awareness Campaign in place to bolster the employee’s awareness and company resiliency.
- Regular auditing and ad-hoc vulnerability reviews should be carried out on the IT infrastructure of the business.
- Compliance with international standards and regulations affecting the business such as GDPR, PCI-DSS etc. should be looked at and implemented.
There are additional Guidelines for Issuers of Virtual Financial Assets and VFA Service Providers regarding Licencing, Fraud Prevention and Standards to comply with.
To sum up our conclusions, the Guidelines provide a basis for a business on how to approach building it’s Cybersecurity and the ability to operate securely. As it is only a guideline it does not provide precise methodologies or hands on solutions, but not to worry, @D4n6 we have you covered.
D4n6 have a reputation on providing business custom policies and standards to customers and we can provide you with the expertise on how you can implement the MFSA Guidelines specifically tailored to your operation.
Drop us an email on firstname.lastname@example.org or connect with us on LinkedIn or Facebook if you would like to learn more and be 100% compliant with the MFSA Guidelines or more.