Swift Could Ban Banks with Weak Security

Global financial messaging provider Swift is mooting the idea of dropping banks with weak security off its network, in a hardline approach which could force its clients to improve their response to recent cyber attacks.

Speaking ahead of the release of the organization’s “dedicated customer security program” last week, Swift CEO Gottfried Leibbrandt told the FT that the sophistication of these attacks – one of which resulted in the theft of $81m from Bangladesh Bank – had “changed the game completely.”

He told the paper:

"We could say that if the immediate security around Swift is not in order we could cut you off, you shouldn't be on the network. There are pros and cons to that. The pros are that it provides clarity that if you are on the Swift network you need minimum standards. I think the con is if you do it too heavy handed you could drive people to unsafe channels."

In a bid to head off criticism of its handling of the incidents, for which it 100% blames banks’ internal IT security, Swift has released a new set of guidelines for its clients designed to improve baseline security.

This will involve Swift asking for more information on attacks from its customers and sharing more back with them; stronger requirements for customer-managed software; increased remote monitoring of customer environments; roll-out of 2FA and other tools to harden Swift products; and the development of audit standards and certifications for the secure management of Swift messages by client banks.

Also mooted are the creation of tools to detect anomalies on the Swift network, and other technologies designed to recall transfers quickly if they come from fraudulent messages.

Swift also promised to “foster … a secure ecosystem” of third-party consultancies, hardware and software providers, fraud detection specialists and the like.

Right at the top of the priority list will be expanding information sharing efforts inside and outside of the network, and “forensic analysis on products and services related to SWIFT connectivity at affected banks.”

Since the $81m cyber heist from Bangladesh’s central bank, it has emerged that several other financial institutions were also targeted by hackers using a similar MO.

Security giant Symantec claimed recently that the attackers shared malware with those behind the Sony Pictures Entertainment hack – thought by some to be linked to North Korea.
