In May, SWIFT CEO Gottfried Leibbrandt outlined a five-part plan intended to reinforce the security of the financial system.
SWIFT (The Society for Worldwide Interbank Financial Telecommunications), is a global member-owned cooperative and provider of the secure financial messaging services which banks use to send international money transfer instructions to each other. Leibbrandt's announcement was made at the 14th annual European Financial Services Conference in Brussels. It was significant because it was made in the wake of news emerging about a series of attacks on SWIFT customers, including one on Bangladesh Bank that had cost the central bank $81 million. It had become clear that there was an urgent need for SWIFT's customers to bolster their security.
SWIFT was criticized for the attacks, however, as Leibbrandt explained and SWIFT has since repeatedly stated, there is no evidence that the SWIFT network and its core messaging services have been compromised in any of the incidents. Rather these have been caused by weaknesses at the customer end-points; security vulnerabilities within SWIFT customers' IT environments have enabled the cyberthieves to tunnel their way to the bank systems "where the SWIFT instructions are generated and the confirmations received".
Leibbrandt's call to action emphasized a commitment to bolster the cybersecurity of the transaction banking system – a system responsible for billions of dollars of financial transactions.
"Cybersecurity is serious," he told the crowd at the conference in Brussels. "Cybersecurity is part of our DNA – it is not an afterthought.”
Acknowledging that attacks on financial institutions will not cease, despite defenses put in place, he said this "doesn't mean we are resigned to it. Rather, it means that we must work even harder at our collective defensive efforts."
To that end, he emphasized that information sharing is essential in order to strengthen preventative measures. And, that's not just among banks, but third-party suppliers, policymakers, regulators and users as well.
His second point was to harden security requirements for customer-managed software to better protect their local environments.
Third, he said, SWIFT will enhance its guidelines and develop security audit frameworks for customers.
Fourth, he pledged that his firm will look to see what it can do to support banks' increased use of payment pattern controls to identify suspicious behavior.
And finally, he said SWIFT will introduce certification requirements for third-party providers.
"Now more than ever, we need to see innovation in security," he said.
This, he concluded, involves bringing on the next generation of pattern recognition, monitoring, anomaly detection, authentication, biometrics, and other innovations not yet developed aimed at improving security of the financial industry.Click here for the next Top Management pick Tim Cook, CEO, Apple