SWIFT Bank Messaging: If You Think You Are Secure, Think Again


In order to fully secure a banking system, banks must ensure that their messaging and transactional systems are fully secured and maintained. However, according to a Reuters report, small banks are well behind the curve in securing SWIFT terminal communications, leading to a number of security breaches, including one at a Bangladesh bank that netted thieves over $80 million. According to the report, SWIFT was not monitoring or tracking security incidents because the company falsely believed that bank regulators, and not SWIFT, were responsible for security monitoring of smaller banks.

What does this mean for your bank? Simply put, it comes down to the one basic rule you most likely follow in business: Take ownership. Regardless of the vendor or products used in your environment, in a breach all eyes will be on you and your institution. This places an emphasis on internal controls and monitoring to protect your customers’ data as well as your own internal data.

Small Banks: The Weak Links

Cyber attackers are increasingly targeting smaller banks and financial institutions. The larger banks such as Bank of America, Citigroup and Wells Fargo have tried-and-true security methodologies in place to monitor and prevent breaches around the SWIFT messaging system as well as other transactional systems. Smaller banks, though, tend to lag in their security readiness for a number of reasons, including not enough trained staff, limited assets for security spending and the previously mentioned assumption that bank regulators were doing the security monitoring for them.

Since smaller banks and financial houses are increasingly bearing the brunt of these attacks, the need to act with prudence and focus to enhance the security of their systems becomes vital. Attacks can now take advantage of the interconnectedness of the banking system, thus posing a threat to overall banking stability worldwide.

An example of this occurred at a small . The bank, whose identity regulators declined to provide, discovered that it had been breached by hackers and was compromised by malicious software that targeted not the bank itself, but was directed at disrupting the Federal Reserve and its payment systems. This makes smaller banks essentially the weak links in the security of the financial system.

SWIFT Taking Action

SWIFT is taking action to address the concerns mentioned in the Reuters article. In July 2016, SWIFT announced that it had hired two external cyber security firms (BAE Systems and Fox-IT) to bolster its internal expertise, and that it was creating a cyber-defense team to share its best practices with SWIFT customers.

Additionally, SWIFT announced that it created a “Forensics and Customer Security Intelligence” team to help its customers collect anonymized data and investigate their own security incidents, using best practices established by its own cyber-defense team. Part of this initiative includes a reminder to customers to inform SWIFT of any active or suspected security incidents so they can be remediated accordingly.

Despite all of this, the old adage of “the best defense is a good offense” rings loud and clear.

Developing An Action Plan For Your Bank

The first step you need to accomplish will be to review and enhance your overall monitoring strategy. Part of this process is making sure that you are asking the right questions of your organization. Some of the questions I ask are:

  • What steps are your vendors taking to monitor and communicate security issues to your organization?
  • With applications such as SWIFT, how complete is your security monitoring of traffic?
  • In what ways is your organization taking a proactive approach in not only making monitoring changes in response to new threats, but also in working with your third-party vendors (particularly those that touch your data outside of your internal network) to identify and stop threats in their tracks?
  • Have you worked with an experienced, external partner such as Champion to conduct a review of your data flow to identify your potential data loss points?

The information gathered from these points will give you a solid foundation from which to strategize both internally and with Champion in order to develop your offensive cyber security strategy.

Securing Your Environment

Although SWIFT’s efforts and information sharing initiatives have grown significantly, ultimately securing your institution falls to you. As smaller banks and financial institutions are increasingly targeted by attackers as potential bounties of low hanging fruit, the priority of securing your data, especially in terms of SWIFT transactional data, needs to be at the top of your list. Engaging Champion to identify your security shortfalls and to identify a plan to harden your data is a cost effective and efficient way to start on the road to cyber security peace of mind.


WRITTEN BY:

Erick Bacallao joined Champion Solutions Group in 2015 after a career of Software Development in Cuba at the National Cancer Care Institute of Cuba, followed by moving to the States with allAware.

 
