Financial Crime World

Cybercrime in Finance: Macau’s Cybersecurity Law a Wake-Up Call for Companies

In today’s increasingly digital age, cybersecurity has become a major concern for governments, companies, and individuals alike. The number of cyberattacks has been on the rise globally, resulting in sensitive data being stolen, company networks and operations compromised, and reputational damage.

Macau’s Cybersecurity Law (MCSL) - A Major Step towards Protecting Critical Infrastructure

To address this growing threat, Macau’s Cybersecurity Law (MCSL) came into effect in December 2019. The law aims to protect critical infrastructure operators in Macao from cyberattacks that could potentially endanger social welfare, public safety or order. This includes:

  • Banks and other financial services
  • Public transport
  • Telecommunication networks
  • Utilities
  • Hospitals
  • Casinos and resorts

Key Requirements under the MCSL

Under the MCSL, companies are required to:

  • Establish internal cybersecurity management functions
  • Appoint a key responsible person with relevant qualifications and experience
  • Implement a cybersecurity management system with operating procedures for incident monitoring and response
  • Report any incidents to the Cybersecurity Incidents Alert and Response Center (CARIC)
  • Monitor third-party service providers

Implications for Local Businesses

The law has significant implications for local businesses, which need to:

  • Conduct risk assessments to determine how it affects their operations and internal functions
  • Engage a qualified third-party organization to help navigate internal biases and blind spots
  • Ensure awareness and clarity throughout the company, starting with top-level management

Challenges in Casino Integrated Resorts

Casino Integrated Resorts present particular challenges due to:

  • Complex IT and engineering systems
  • Numerous vendors
  • Remote access

Cybersecurity Monitoring Essential

Cybersecurity monitoring is essential to provide visibility of technical assets and detect anomalies or threats.

International Standards to Consider

While the Macau Cybersecurity Law is an important step in safeguarding critical infrastructure, companies should also be aware of international standards such as:

  • ISO/IEC 27001
  • IEC 62443

Bolstering Cybersecurity Frameworks with Best Practices

Bolstering cybersecurity frameworks with relevant best practices is crucial.

Cybersecurity - A People Problem

Cybersecurity is often regarded as a technology problem when it’s really about people. Strong leadership, communication, and access to relevant training are essential.

Threats Can Come from Within or Outside the Organization

Threats can come from within or outside the organization, making it vital to have controls in place to monitor employee activities and third-party service providers.

Adoption of the Macau Cybersecurity Law - A Fundamental Step towards Becoming a “Smart City”

The adoption of the Macau Cybersecurity Law is fundamental to the city’s ambitions to develop into a “smart city”, which will encompass:

  • Cloud computing
  • Smart transportation networks
  • Smart tourism
  • Smart healthcare

Conclusion

As systems become increasingly interconnected, cybersecurity demands will grow. The onus will be on operators to ensure that cybersecurity is taken seriously and budgeted for accordingly.

Quote from Stephen Berry, CEO of DDE Technology

“Cybersecurity is often regarded as a technology problem when it’s really about people. Strong leadership, communication, and access to relevant training are essential.”