A SWIFT response to threats: how the global financial network safeguards itself against compromise and theft

by Joanne Wong, Senior Marketing Director Asia Pacific and Japan, LogRhythm

Credit: ID 71901747 © Aleksey Derin | Dreamstime.com

In the digital era, cyber-security is – or should be – a prime concern for Australian organisations of all stripes and sizes. The Australian Cyber Security Centre’s 2017 Threat Report notes the existence of thousands of adversaries around the world, willing to steal information, illegally make profits and undermine their targets. 

The report notes that defending a network from compromise is far less costly than dealing with the aftermath of one, and that the old adage, ‘good security is built in, not tacked on’, still holds true.

So, what does best practice look like in an environment where a security breach can result in multi-million dollar losses, along with serious reputational damage? 

A secure network of global partners

Society for Worldwide Interbank Financial Telecommunication, better known by its acronym SWIFT, provides an exemplar for rigorous cyber-security management across a complex and disparate attack surface.

Transfer money internationally or receive a remittance from an overseas customer and, chances are, the transaction will be facilitated by this entity.

Founded in Brussels in 1973, the SWIFT network allows around 11,000 financial institutions in over 200 countries to send and receive messages about transactions in a standardised and highly secure environment. 

Members include banks, brokerages, securities dealers, clearing houses, asset management companies and foreign exchange and money brokers.

SWIFT does not maintain accounts or handle funds but its network moves huge sums every day.

Unsurprisingly, SWIFT and its members have historically been prime targets for cyber-attack and fraud attempts, some of them successful. They include the 2016 compromise of SWIFT credentials at Bangladesh Bank, that country’s central bank. Cyber-criminals, who were thought to have compromised the Bank’s systems or partnered with insiders, attempted to transfer $951 million from its account to banks in the Philippines and Sri Lanka. Partially successful, the heist resulted in the loss of more than $60 million.

Creating a solid foundation for cyber-defence initiatives

Such attacks highlight the importance of safeguarding the integrity of the system. SWIFT has done so via the creation of a Customer Security Controls Framework (CSCF) which informs a security program to which all SWIFT members must adhere.

The program calls for members to adopt a cycle of constant monitoring and feedback of security-related information.

All members are required to secure their own SWIFT-related infrastructure and attest to its CSCF compliance, implement measures to prevent and arrest breaches, identify suspicious transactions and share intelligence about attempted and actual breaches.

Mandatory controls are the backbone of the protection regime. They derive from a series of eight security principles, many of which are equally relevant to organisations outside the financial services sector that run mission-critical systems or handle sensitive data.

Restricting internet access

Surveying the traffic between the internet and the SWIFT user platform makes it easier to detect compromised accounts or devices in real time, not hours, days or weeks after a breach has occurred. At any indication of compromise, the platform can neutralise the threat to SWIFT systems and assets by shutting down the compromised entity.

Protecting critical systems from the general IT environment

Centrally monitoring all activities associated with SWIFT, including administrative tasks and privileged account access, is the key to detecting concerning behaviour. Advanced data analytics make it possible to create a picture of regular daily activity and to detect unusual and abnormal actions.
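As an added example (not code from the article, from SWIFT or from LogRhythm), the following Python shows the idea of building a picture of regular daily activity and flagging departures from it. It reads constructed privileged-access audit lines, records which hosts and hours of day each user is normally seen on, and reports new events that fall outside that profile; the log format, user names and host names are all assumptions made for the example.

```python
"""Baseline-and-deviation check over privileged-access audit lines.

Added example, not the article's, SWIFT's or LogRhythm's code. The
key=value log format and every event below are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed baseline period: privileged actions observed over several days.
BASELINE_LOG = """\
2023-03-01T09:12:04 user=ops1 host=swift-gw-01 action=sudo
2023-03-01T10:45:51 user=ops1 host=swift-gw-01 action=sudo
2023-03-02T09:30:17 user=ops1 host=swift-gw-01 action=sudo
2023-03-02T14:02:39 user=ops2 host=swift-gw-02 action=sudo
2023-03-03T11:21:05 user=ops2 host=swift-gw-02 action=service_restart
2023-03-03T15:47:22 user=ops1 host=swift-gw-01 action=sudo
"""

# Constructed events from a later day, to be checked against the baseline.
NEW_LOG = """\
2023-03-04T09:05:12 user=ops1 host=swift-gw-01 action=sudo
2023-03-04T02:13:40 user=ops1 host=swift-gw-01 action=sudo
2023-03-04T10:30:00 user=ops2 host=swift-gw-01 action=sudo
2023-03-04T11:00:00 user=contractor7 host=swift-gw-02 action=sudo
"""


def parse(log):
    """Yield (timestamp, user, host, action) tuples from key=value lines."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts_str, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        yield datetime.fromisoformat(ts_str), kv["user"], kv["host"], kv["action"]


def build_baseline(log):
    """Per user: the set of hosts and the hours of day seen in the baseline."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ts, user, host, _action in parse(log):
        baseline[user]["hosts"].add(host)
        baseline[user]["hours"].add(ts.hour)
    return baseline


def find_deviations(baseline, log, hour_slack=1):
    """Return (event_summary, reason) pairs for events outside a user's profile.

    hour_slack widens the user's usual window by +/- N hours so that an
    action a few minutes outside the normal range is not reported.
    """
    findings = []
    for ts, user, host, action in parse(log):
        summary = f"{ts.isoformat()} {user}@{host} {action}"
        if user not in baseline:
            findings.append((summary, "no baseline for user"))
            continue
        profile = baseline[user]
        if host not in profile["hosts"]:
            findings.append((summary, "host outside baseline"))
            continue
        lo = min(profile["hours"]) - hour_slack
        hi = max(profile["hours"]) + hour_slack
        if not lo <= ts.hour <= hi:
            findings.append((summary, "hour outside baseline"))
    return findings


if __name__ == "__main__":
    for summary, reason in find_deviations(build_baseline(BASELINE_LOG), NEW_LOG):
        print(f"ALERT {reason}: {summary}")
```

Run against the constructed data, the check reports three of the four new events: a 02:13 action by an operator normally active in office hours, an operator appearing on a gateway they have never administered, and an account with no history at all. A production version would build the profile over a much longer window and feed the findings into the central monitoring the section describes, but the shape of the logic is the same.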

Reducing the attack surface

Automated monitoring of all access points ensures potential vulnerabilities are identified and, if necessary, patched, before incidents occur.

Securing the environment physically

Stringent cyber-security isn’t just about deploying smart software to foil attacks – it’s also concerned with securing the premises where sensitive infrastructure and systems are located. Monitoring physical access cards and door systems and responding swiftly when there’s evidence unauthorised personnel may be trying to enter a restricted area helps prevent opportunistic interference with the network.

Preventing the compromise of access credentials 

Deploying malware to harvest employee credentials which can be used to access systems unlawfully is a favoured modus operandi for cyber-criminals. SWIFT members reduce their chances of being compromised in this fashion through the use of robust two-factor authentication.

Managing identities and privileges


SWIFT members are aware of who is accessing every aspect of the system within their organisation at any given moment, thanks to sophisticated monitoring software.

Detecting unusual activity

Alterations to operating systems, critical files and configuration can be warning signs that fraudulent activity is soon to occur. Deploying anti-malware to detect such attempts allows SWIFT members to thwart many assaults by cyber-attackers.
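As an added example (not code from the article, from SWIFT or from LogRhythm), the following Python shows one concrete way to notice the alterations to critical files and configuration that the section above treats as warning signs: take a SHA-256 and permission baseline of a directory, and on a later scan report what was added, removed or modified. The directory layout, file names and contents are constructed in a temporary location so that the example runs offline.

```python
"""Detect alterations to critical files by comparing against a hashed baseline.

Added example, not the article's, SWIFT's or LogRhythm's code. The config
tree it scans is constructed in a temporary directory.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map relative path -> (sha256, permission bits) for every file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = (sha256_of(full), os.stat(full).st_mode & 0o777)
    return result


def compare(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Build a constructed config tree, baseline it, alter it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "etc")
        os.makedirs(cfg)
        with open(os.path.join(cfg, "gateway.conf"), "w") as f:
            f.write("listen=10.0.0.5\nallow_hosts=10.0.0.0/24\n")
        with open(os.path.join(cfg, "operators.txt"), "w") as f:
            f.write("ops1\nops2\n")
        baseline = snapshot(root)

        # Constructed alterations: a widened allow-list, a new file, a deleted file.
        with open(os.path.join(cfg, "gateway.conf"), "a") as f:
            f.write("allow_hosts=0.0.0.0/0\n")
        with open(os.path.join(cfg, "override.conf"), "w") as f:
            f.write("audit=off\n")
        os.remove(os.path.join(cfg, "operators.txt"))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind.upper():9} {p}")
```

Including the permission bits in the baseline means a chmod on an unchanged file is reported as a modification too, which matters for files such as key material or sudo policy. The baseline itself should be stored somewhere the monitored host cannot overwrite, otherwise an intruder who can alter the files can alter the record of them as well.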

Sharing information and coordinating responses

Receiving real-time insights from security monitoring software allows SWIFT members to respond swiftly to incidents and to mitigate or impede the progress of attacks more effectively.

Locking down the enterprise

Robust cyber-security measures are an essential investment in the digital era. Whether data or dollars are at stake, mitigating rising threats posed by hackers and cyber-criminals is imperative for every organisation which values its integrity, reputation and bottom line.
