Page 63 - SC Annual Report 2018 (ENG)
P. 63

Securities
                                                                                                                     Commission
                                                                                                                      Malaysia
                                                                                                                     ANNUAL
                                                                                                                      REPORT
                                                                                                                     2018





                           With cyber threats on the rise, supervisory focus   To strengthen cyber security resilience of capital
                           was  placed on cyber risk management by capital   market participants, focused and theme-based
                           market entities. In 2018, several initiatives were   cyber risk examinations are planned for 2019.
                           undertaken to enhance and improve cyber risk    Targeted scrutiny, as and when required, will also be
                           management within the industry, including regular   conducted to inform the SC’s policy and supervisory
                           monitoring and review of cyber security issues   interventions.
                           on regulated entities through on-site and off-site
                           engagements.
                                                                           As part of its efforts to strengthen the industry’s
                                                                           cyber defence, the SC hosted the first sector-led
                           In December 2017, self-assessment questionnaires   cyber simulation in October 2018. In collaboration
                           were issued to the industry to gauge controls on   with the National Cyber Security Agency (NACSA)
                           data management. Following the assessment, an   and facilitated by Cyber Security Malaysia (CSM),
                           industry circular was issued detailing several areas   the simulation involved 38 capital market entities
                           of improvement.
                                                                           that were selected based on the size of their business
                                                                           operations and reliance on technology.


                           Diagram 10
                           capital market cyber simulation to strengthen cyber resilience






                                                        Improved clarity on    Enhanced working
                                                       responsibilities related to   relationship and
                                                       certain key cyber incident    collaboration among
                                                         response decisions    SC, NACSA & CSM




                                        Accentuated the necessity                            Better identification of
                                          for established and                                gaps in cyber incident
                                         easily-located relevant    Outcomes                   response (people,
                                           points of contact                                    processes and
                                                                 from the Cyber                   tools)
                                                                   Simulation



                                                                                               Stronger response
                                        Demonstrated the need for                             capabilities aligned
                                         efficient communication                              towards mitigating
                                          and data exchange                                     complex cyber
                                                                                                 incidences





                                                                             Improved time-to-response
                                                       Increased understanding    through tested cyber
                                                        on how cyber incidents    incident response
                                                           are managed              plan





                                                                                               PART 2 »» SHAPING MARKET CONDUCT  |  53






              NEW_36-59.indd   53                                                                                        2/21/19   9:27 AM
   58   59   60   61   62   63   64   65   66   67   68