SWIFT Enlists Cybersecurity Firms as Hacks Continue
- By Andrew Deichler
- Published: 7/11/2016
SWIFT is teaming up with cybersecurity firms BAE Systems and Fox-IT to investigate recent incidents at a number of its customers. The news comes about two weeks after reports that yet another bank, this time in Ukraine, was hit by hackers who transferred funds across the SWIFT network.
The security firms will support SWIFT’s information sharing efforts, which are part of its recently launched Customer Security Program. SWIFT plans to conduct forensic investigations into customer compromises related to its products and services. From there, the financial cooperative will feed (anonymized) information it discovers back to its community to prevent future incidents. SWIFT will also share relevant information with its oversight bodies, appropriate information sharing and analysis center (ISAC) groups and other forensic firms. Any corporate treasury departments connected to SWIFT should pay close attention as SWIFT begins disseminating information.
SWIFT CEO Gottfried Leibbrandt announced the Customer Security Program in May, following a string of attacks on banks, the most prominent being an $81 million heist from Bangladesh Bank. SWIFT said that it has gathered detailed intelligence on the modus operandi of the attackers and the malware they are using, as well as indicators of compromise (IoCs) that can help customers detect threats.
Craig Young, chief technology officer for SWIFT, stressed the importance of information sharing in the SWIFT community. He noted that any customer intelligence, even intelligence gathered from failed attacks, can assist in identifying new malware and IoCs. “An important dependency of this initiative is SWIFT’s timely receipt of information from affected customers,” he said. “We therefore continue to remind customers that they are obliged to inform SWIFT of such incidents as soon as possible, and to proactively share all relevant information with us so we can assist all SWIFT users.”
This latest move by SWIFT comes hot on the heels of reports that hackers stole $10 million from an unidentified bank in Ukraine. The attackers reportedly breached the bank’s systems and then transferred the money to a number of offshore companies via the SWIFT network. The bank enlisted the Information Systems Audit and Control Association (ISACA) to investigate the incident. ISACA said that “dozens of banks”, mostly in Ukraine and Russia, have been compromised.
Unfortunately for its brand, customers and partners, SWIFT has primarily been in a “reactive” mode to the recent string of incidents, noted Brad Deflin, president and co-founder of Total Digital Security. He emphasized that money in motion, particularly large sums moving over multiple networks and jurisdictions, is the top target for cybercriminals today. “No one can fully eliminate any type of risk, much less cyberrisk, especially when specifically targeted by sophisticated, ambitious, and well-resourced perpetrators,” he said. “However, as an effective alternative to being reactive, planning and preparedness can position a firm to be responsive in order to act quickly with coordination across divisions, partners, and customers. A responsive mode contains the damage, evidences the firm has acknowledged and planned to face the risk, and demonstrates it can act effectively when problems arise.”
Deflin continued that SWIFT and other corporate entities cannot insulate themselves by protecting only their electronic domains; they must acknowledge the risk at the perimeter of their operations. “The inbound perimeter includes a firm’s supply-chain, while the outbound network includes customers, partners, and any element of the demand chain that constitutes complete delivery of the customer’s expectations for the service or product it provides,” he said.
Copyright © 2017 Association for Financial Professionals, Inc.
All rights reserved.