The CEO of the Swift banking network has laid out a five-point plan designed to improve the security of the global banking system following the high profile $81 million cyber heist at Bangladesh central bank and similar attacks on other financial institutions.
Delivering a keynote address at the 14th annual European Financial Services Conference in Brussels yesterday, Gottfried Leibbrandt repeated Swift’s claim that it wasn’t to blame for the incidents and that its network, software and core messaging services have not been compromised.
However, he stressed the need for greater information sharing within the industry, claiming that there have been “at least two, but possibly more,” attacks like that which resulted in the huge theft from the central bank of Bangladesh.
“Banks can learn from one another about the modus operandi and put better preventative measures in place; entities like Swift can serve as the information sharing channel, and we can develop indicators of compromise to help those banks improve their detective capabilities. We are doing so,” he explained.
“But information sharing needs to get better, much better. It is critical that the global financial community works together to bolster our mutual security.”
Swift’s plan is to ask for even more information from its customers and to share that with the banking community in a confidential manner.
The other elements of the five-point plan include hardening security requirements for “customer-managed software,” and enhancing Swift guidelines and developing audit frameworks for its customers.
“Fourth, we will look to see what we can do to support banks’ increased use of payment pattern controls to identify suspicious behavior,” Leibbrandt continued.
“And finally, we will introduce certification requirements for third party providers.”
In conclusion he called on the community to step up innovation efforts in areas like pattern recognition, monitoring, anomaly detection, authentication, and biometrics to help fortify systems against attack.
Vietnam’s Tien Phong Bank has now admitted it was the target of a failed attempt at cyber robbery by a group which seems to have used the same MO as Bangladesh Bank attackers, but the other financial institution named by Leibbrandt remains a mystery.
For its part, the Bank of England is said to have reacted quickly to the incident, ordering UK banks to perform compliance checks soon after the attack to ensure they’re following cybersecurity best practice.