The SWIFT global payments system has announced it plans to suspend banks with weaker cyber defences until they improve their security.
The threatened sanction follows a run of attacks on international banks over recent weeks, including the $81m mega-heist at the Bangladeshi Central Bank.
These cyber-heists relied on hackers using malware to infect bank terminals and obtain login credentials for the SWIFT messaging system, allowing crooks to send fraudulent transfer orders.
In response, SWIFT said it will “expand” its use of two-factor authentication as well as mandating “baseline” security standards, which financial institutions will be assisted in meeting.
SWIFT’s customer security programme will clearly define an operational and security baseline that customers must meet to protect the processing and handling of their SWIFT transactions. SWIFT will also continue to enhance its own products and services to provide customers with additional protection and detection mechanisms, and in turn help customers to meet these baselines.
Richard Brown, director of EMEA channels & alliances at DDoS mitigation vendor Arbor Networks, welcomed the tougher line and called for an increase in collaboration between international banks.
“This announcement from Swift will hopefully force banks to take even further steps to proactively assess and improve their security posture,” Brown said. “The financial services industry is one of the best at sharing threat intelligence and organisations such as CERT-UK are promoting this across different verticals. This style of collaborative approach against cybercriminals will be far more effective than each individual organisation fighting their own battle.”
Banks are already among the most heavily regulated organisations, thanks to regulations such as PCI and Sarbanes–Oxley. Brown reckons there’s still room for improvement.
“The news that Swift will not work with any banks with sub-standard security standards will be welcomed by the public, but also worry many financial institutions,” Brown said. “Banks are an attractive target for cybercriminals because of the money and valuable data they hold. Just this week we saw the Federal Reserve announce it has been hacked more than 50 times in the past five years, so it is clearly losing the battle against cybercriminals.”
David Kennerley, director of threat research at cybersecurity firm Webroot, added: “The monetary gains from financial cybercrime can be incredibly high. I hope this development represents a new chapter for Swift, understanding that good security posture of their payment ecosystem is reliant on more than just a ‘secure’ application. It’s also essential that the network and devices where the systems reside are as secure as possible – with users trained to spot and report anomalies as quickly as possible while following a well-defined set of security practices.”
SWIFT has consistently blamed affected banks for security breaches.
“SWIFT’s network, software and services have not been compromised; each case occurred after a customer suffered a series of security breaches within their locally managed infrastructure,” SWIFT said in its latest statement.