News by sections
ESG

News by region
Issue archives
Archive section
Multimedia
Videos
Search site
Features
Interviews
Country profiles
Generic business image for news article Image: Shutterstock

26 May 2016
Brussels
Reporter Stephanie Palmer

Share this article





SWIFT: Collaboration key in cyber security

SWIFT has unveiled a five-point plan for tackling cyber crime in the financial system and to help protect its customers on a global scale, following the high-profile theft of millions of dollars from the Central Bank of Bangladesh.

Speaking at the European Financial Services Conference in Brussels, SWIFT CEO Gottfried Leibbrandt addressed the threat of cyber attacks in the industry, calling it a “critical issue for the financial system”.

In the Bangladesh attack, hackers managed to orchestrate the sending of fraudulent payments to several accounts in the Philippines by infiltrating SWIFT Alliance Access software running on the central bank’s own infrastructure using malware.

They attempted to steal $951 million, most of which was blocked before it left the central bank. Of the $101 million that was successfully transferred, only $20 million has been recovered.

The attackers also skilfully covered their tracks so that the breach was not discovered until after the stolen money had been laundered.

Leibbrandt suggested that the cyber attack on the Central Bank of Bangladesh is likely to become a “watershed” moment for the industry, adding that at least two other attacks have been carried out using the same technique.

He said of the cyber attacks: “SWIFT, our network, software and our core messaging services have not been compromised. In Bangladesh and the other cases, the thieves compromised the IT environment and worked their way to the bank systems where the SWIFT instructions are generated and the confirmations received.”

“And while we (and other providers) give tools and software to our customers, our customers run these in their own environment and need to keep them secure. We cannot secure our customers’ environments and cannot assume responsibility for that.”

He conceded that SWIFT plays a significant role in the system and that it should be a part of the solution, which will require collaboration from all sectors of the industry. But he said: “SWIFT is not all-powerful, we are not a regulator, and we are not a policeman; success here depends on all the stakeholders in and around the industry.”

SWIFT’s five-point plan, dubbed the Customer Security Programme, begins with information sharing. According to Leibbrandt, SWIFT has stepped up its efforts in sharing information, and the rest of the industry should be striving to improve as well.

“We are calling for a collective effort in our global financial community to reinforce the security of our entire, shared system,” he said. “Banks can learn from one another about the modus operandi and put better preventative measures in place; entities like SWIFT can serve as the information sharing channel, and we can develop indicators of compromise to help those banks improve their detective capabilities.”

Leibbrandt also pledged that SWIFT will: improve security requirements for customer-managed software, in order to better protect local environments; improve SWIFT guidelines and help develop security and audit frameworks for customers; and introduce certification requirements for third-party providers.

SWIFT will also try to provide more support with regards to payment pattern controls, helping banks to identify suspicious behaviour.

Cyber crime poses a significant risk, Leibbrandt said, and there will be attacks, some of which will be successful. However, he stressed: “Acknowledging this doesn’t mean we are resigned to it. Rather, it means that we must work even harder at our collective defensive efforts.”

Advertisement
Get in touch
News
More sections
Black Knight Media