SWIFT to Roll out New Security Plan Following Recent Bank Hacks
The Society for Worldwide Interbank Financial Telecommunication, widely known as SWIFT, unveiled on Tuesday a new security program following the recent multi-million dollar bank heists in Asia. The new customer security program is a dedicated initiative designed to help reinforce and foster secure and transparent measures across its international network.
Chief executive Gottfried Leibbrandt said at the European Financial Services Conference in Brussels that the cooperative will launch a five-point plan including concessions in cyber defense, and tools for customers among others, to improve its security systems. The plan will also include measures for increased information-sharing among the global financial community, tougher security requirements for bank software that interfere locally with SWIFT’s network, newly enhanced audit and certification standards for customers, and the use of tools to detect fraudulent transactions over SWIFT.
In a statement, SWIFT insisted that its systems and security were not directly implicated in the attacks. “We would like to assure you again that SWIFT’s network, services, and software were not compromised. While customers are responsible for the security of their own environment, security is our top priority, and as an industry-owned cooperative, we are committed to helping our customers fight against cyber attacks.”
[READ: Ecuador Bank Hacked via SWIFT]
The new security measures address issues that were highlighted after attackers hacked into the SWIFT system of the Bangladesh central bank in February, sending messages to the Federal Reserve Bank of New York allowing them to pilfer $81 million. This attack followed a similar incident involving the Banco del Austro in Ecuador last year. Attackers evidently used the same pattern to gain access to the SWIFT messaging network to send fraudulent messages to initiate cash transfers from accounts at larger banks. As a result, the hacks raised concerns regarding the integrity and trustworthiness of SWIFT transparency.
“The Bangladesh bank hack was a watershed event for the banking industry. There will be a before and an after Bangladesh. The Bangladesh is not an isolated incident. This was a big deal, and it gets to the heart of banking. Banks can learn from one another about the modus operandi of thieves and put better preventive measures in place. Entities like SWIFT can serve as the information sharing channel, and we can develop indicators of compromise to help those banks improve their detective capabilities,” Leibbrandt said.
Meanwhile, although security failure in the Bangladesh heist was due to the bank’s weak internal IT environment, former SWIFT Chief Executive Leonard Schrank believes that SWIFT’s security efforts were not enough to defend from the ever-increasing sophistication methods and techniques of cyber thieves and that SWIFT must work harder to restore its reputation. “They really have to earn that credibility back,” Schrank said.
Since then, SWIFT has resolved to drastically improve information-sharing and to beef up security procedures. It will also provide tighter guidelines that auditors and regulators can use to evaluate if SWIFT security measures are up-to-date and strong enough. Finally, Leibbrandt pointed that SWIFT will augment these measures by including structural enhancement of its customers’ security, which will rely on the support of third party providers for security software and hardware, training, and consulting.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale