Earlier this year SWIFT, a Belgian co-operative which enables customers to connect and exchange financial information, launched a five-part plan to prevent cyber attacks.
The co-op was in the news in February when thieves hacked into SWIFT software at the Bangladesh Central Bank and stole USD $81m by sending messages to the Federal Reserve Bank of New York. According to SWIFT, the compromise occurred at its customer’s local environment.
In collaboration with cyber security firms, SWIFT’s Customer Security Intelligence team is working to build the co-operative’s customer security information sharing initiative. As part of the scheme, the group is investigating customer security incidents and supporting customers’ own investigations to ensure they are securing their own local environments.
The Customer Security Programme was designed to help detect and prevent attacks against SWIFT customers and involves proactive intelligence-gathering and forensic analysis. The co-op has also published customer-anonymised findings about the modus operandi used in the attacks, developed multiple Indicators of Compromise and provided customers with details on how to protect against such attacks.
In addition, SWIFT has launched Daily Validation Reports, which enable customers to quickly recognise any fraudulent transactions. Speaking to CSO Online, Pat Antonacci, head of Customer and 3rd Party Engagement for CSP at SWIFT, said the programme was already showing results.
“In 80% of the cases since the Bangladesh attack that we’ve finished investigating, we have prevented the attacks using the measures we have introduced through the customer security program,” he said.
SWIFT is also publishing a series of videos with tips on how financial institutions can better protect against cyber attacks. Crucial to the approach is detecting malicious insiders, or people abusing the power given to them, as soon as possible.
Alain Desausoi, deputy chief information security officer at SWIFT, explains: “Malicious insiders have a broad range of capabilities in your organisation and you need to ensure that only those people who need to have access to a certain function have that access. So segregation of duties is fundamental.”
Mr Desausoi suggested having multiple operators but ensuring that only some of the operators have access to any given part of the infrastructure, which limits the impact.
“There is no silver bullet to absolutely prevent such a situation,” he added.
Experts interviewed by SWIFT suggested collecting data across the system to monitor for insider capability and use, in order to spot any unusual behaviour. They also encouraged financial players to have an incident response plan.