The MFSA recognised that there is a direct correlation between the increase in innovative technology and the opportunities for cybercrime, and identified the need to ensure that the industry operating within the Distributed Ledger Technology (DLT) sphere implements certain cybersecurity solutions with the aim of mitigating cyber threats.
The Guidance Notes refer mainly to the term “cybersecurity”; however, it is imperative to note that the cybersecurity architecture of a licensed entity embraces holistic data security, that is, network and information security, and should cover management of data in any format (including digital, physical, audio-visual, etc.) and in any state (including in-transit and at-rest).
Any licensed entity within the DLT industry should designate a person responsible for establishing, maintaining and overseeing the internal cybersecurity architecture. This same person should be appointed to act as Security Officer, Chief Security Officer, Chief Information Security Officer or any other designation as may be deemed appropriate by the licensed entity. The entity should also maintain systems that continuously monitor its networks in real time, with intrusion detection measures that prompt alerts of any cyber threats.
The Guidance Notes issued by the MFSA are a minimum set of best practices and risk management procedures, and are certainly not intended to be exhaustive. Any cybersecurity architecture will now have to comply with internationally and nationally recognised cybersecurity standards, continuing to raise the bar for Maltese licensed entities and, as a result, boosting the prestige of the Malta licenses.
This article was authored by Dr Ursula Farrugia and Dr Davinia Cutajar.