SWIFT, the Belgian co-operative that enables customers to connect and exchange financial information, is set to implement a five-part plan to prevent cyber attacks.
Set up in 1972, the co-op has become the world’s leading provider of secure financial messaging services. In February, thieves hacked into the Bangladesh Central Bank’s SWIFT software and stole US$81m (£55.9m) by sending messages to the Federal Reserve Bank of New York.
Speaking at the 14th annual European Financial Services Conference in Brussels on 24 May, chief executive Gottfried Leibbrandt talked about the co-operative’s plans to reinforce security.
“Cyber security is serious. It’s a critical issue for the financial system – and it’s a critical issue for SWIFT,” he said. “Cyber security is part of our DNA – it is not an afterthought. Not just hardware and software, but people, processes, procedures, checks, in fact a whole organisation for whom failure is not an option.” He added that SWIFT’s network, software and core messaging services had not been compromised.
Mr Leibbrandt thinks the recent fraud at Bangladesh will prove to be a watershed event for the banking industry, not only because banks are compromised, but also because the financial system is interconnected. He highlighted that SWIFT provided tools and software to its customers, but it was customers themselves who ran these and needed to keep them secure.
“We cannot secure our customers’ environments and cannot assume responsibility for that,” he said. Sharing information is, according to Mr Leibbrandt, key to addressing the cyber threat.
“Banks can learn from one another about the modus operandi and put better preventative measures in place; entities like SWIFT can serve as the information sharing channel, and we can develop indicators of compromise to help those banks improve their detective capabilities. We are doing so. But information sharing needs to get better, much better. It is critical that the global financial community works together to bolster our mutual security.”
SWIFT’s chief executive suggested a collaborative approach to the threat, encouraging third party suppliers, policymakers, regulators, users and large-scale banks to work together.
Promising that SWIFT would do “much more”, he said: “We are the global bank-owned co-operative at the heart of the global payment system, a system that is facing a persistent threat. We are stepping up to the plate as our owners and overseers expect us to.”
As part of its five-step plan, SWIFT will demand more information from its customers and share that with the community in a confidential way, protecting the identity of the institution and customers.
Another measure will be to harden security requirements for customer-managed software to better protect customers’ local environments. The co-op plans to enhance its guidelines and develop security audit frameworks for customers. In addition, SWIFT will work with banks to support their increased use of payment pattern controls to identify behaviour. Certification requirements for third-party providers will also be introduced.
Mr Leibbrandt warned that technological advances, while a positive step forward, could also open the door for “increasingly complex cyber threats”. More innovation in security is required, he said.
“The cyber challenge is huge, and demands action, and change, by all stakeholders. And change is hard. Sometimes it takes a crisis. As the saying goes: ‘a crisis is a terrible thing to waste’; so let’s use this crisis as an industry to come out stronger, better and even more secure,” concluded the chief executive.