You may have guessed by now that i am pretty interested in SWIFT, and was particularly keen to hear what the SWIFT CEO (Gottfried Leibbrandt) would cover in a speech he gave to a Financial Services Conference in Brussels yesterday. Following the revelations from the recent SWIFT related hacks there was a greater degree of anticipation from the worlds media, financial institutions and corporates (i dont think that is over-hyping it!). As i read the speech, i made the following notes:
1. Cyber Security Keeps the SWIFT CEO Awake at Night
Clearly Gottfried is keen to stress the importance of security, and that is the first thing the SWIFT CEO talks about. Describing how the cyber risk is the main thing that keeps him up at night!
The multi-billion dollar value of transactions flowing through the SWIFT network can only happen if their is trust in SWIFT – which according to Gottfried requires the network to have paramount Confidentiality, Integrity and Availability.
2. Cyber Security is part of SWIFT’s DNA
Gottfried makes a couple of interesting points explaining how:
- Cyber security is not an after-thought at SWIFT – which, lets be honest is often the case
- Cyber security is not just about systems (hardware and software), but about “people, processes, procedures and checks”
- The SWIFT mantra is FNAO – “Failure is Not An Option”
3. The SWIFT Network Has NOT Been Compromised
Gottfried repeated the standard press release verbiage that the SWIFT network, systems, software and core messaging network have not been compromised in the recent hacks. Ensuring that this tight security and the integrity of the network remain intact is SWIFT’s number one objective.
But the SWIFT CEO acknowledges that the cyber threat is increasing and there will be further attacks.
4. Cyber security is a BIG Deal
The Bangladesh Bank heist hit the headlines in a humongous way given the incredible dollar amounts involved. Gottfriend defined this as: “…a watershed moment for the banking industry; there will be a before and after Bangladesh“.
In the speech Gottfried talks about how the fraudsters compromised the bank systems
- 1.) by gaining unauthorised access to systems that create the payments, from which the fraudulent payments were pumped into the SWIFT network
- 2.) by hiding the details of the fraudulent payments in the payment confirmation and bank statements
That aint good because it:
- Potentially has the ability to bring down a bank altogether or even multiple banks due to the inter-connectivity between banks through the SWIFT network
- Breaks trust in the overall financial system
5. Cyber Security requires Collaboration
Gottfried was unequivocal in stating “We cannot secure our customers’ environments and cannot assume responsibility for that“. But recognises that SWIFT has a important role to play in the overall global payments process and that SWIFT needs to be part of the overall solution — see point 7 below
6. Sharing Information will strengthen Cyber Security efforts
The SWIFT CEO urged the global financial community to share information about the cyber threat through trusted information sharing channels, like SWIFT. Gathering data about the threats means that financial institutions can learn from one another and implement appropriate controls and security measures.
Gottfried in this part of the speech champions the notion of a collective mission, speaking about:
- “global financial community have to be willing to share that information”
- “It is critical that the global financial community works together to bolster our mutual security“
- “security is our collective mission and can only be strengthened through a collaborative approach”
7. SWIFT will unveil a 5 Point Customer Security Program
Next Gottfried outlined a Customer Security Program aiming to strengthen overall security by:
- Promoting better collaboration, basically sharing information relating to cybersecurity, across SWIFT participants
- Strengthening the local security requirements within customers local environments
- Updating SWIFT guidelines and creating SWIFT security audit frameworks
- Getting banks to use payment pattern controls, so that they can spot suspicious/dodgy payment requests
- Introducing a formal security certification requirements for third party providers
These can only happen if there is cooperation within all participants.
8. The Security Threat is Evolving
In the old days the threat was men in balaclavas with guns, and now its “hoodies hunkering over keyboards“. Unprecedented connectivity brings about new and growing challenges.
9. Innovation is the Problem & the Solution
Gottfried discussed how technology has improved the banking experience but at the same time introduced new threats. And how these new cyber threats require innovative solutions to help preserve the integrity of the financial industry.
10. “Sometimes it takes a crisis” – Gottfried Leibbrandt
Gottfried detailed how the current cyber threat and recent hacks are incidents that the financial industry should use to bolster their security procedures and emerge stronger and more secure from.