The financial sector is arguably one of the most interconnected worlds — and a clear target for cybercriminals. The World Economic Forum (WEF) has cited cyberattacks as a top global risk for several years running and its analysis shows that, across the globe, the good guys are not winning the fight.
In recent years, threats against the financial industry have become more organised, sophisticated, and global than ever before. In early 2016, Bangladesh Bank famously became the victim of a cyberattack that resulted in an attempted theft. While only a fraction of the funds were stolen, the event proved a watershed moment for the financial industry. In the few years since the Bangladesh Bank incident, we have seen the cyber threat continue to evolve, with banks now facing attacks of increasing levels of sophistication.
Cyber criminals seek to corrupt the local operating environment and payment processes of financial institutions by obtaining valid operator credentials and injecting fraudulent transactions directly into the interface that connects to the SWIFT network. Cyber criminals are skilled and determined, can breach networks in minutes and then evade detection for months. Once fraudulent payments have been sent, attackers will typically cover their tracks, hiding evidence of their actions. Using various tools and techniques, they delete or manipulate records and deliberately corrupt systems to confuse forensic experts. The longer it takes a bank to notice it has been attacked the better chance the criminals have of cashing funds out of the system completely.
Failure to secure systems and networks leaves institutions open for attack. No system is totally bulletproof, but there are ways to protect an organisation from the complex methods being used – these include being prepared for attacks succeeding. In its e-Book, Preventing institutional payments fraud: Basic defences, counter measures and best practices, SWIFT shares some suggestions for best practice and basic defences.
Best practice for reducing cyber threats
- Ensure good payment hygiene:Banks need to rigorously check confirmations and statements to mitigate the risk of fraudulent attacks on your back offices.
- Implement security controls:Engaging in regular security benchmarking and audit exercises enables you to detect gaps and lapses in your security controls.
- Know your counterparties: Your understanding of potential counterparts’ cyber and compliance risks is key to your decision-making around whether and how to do business with them. Cybersecurity risks represented by their counterparties also need to be assessed. Industry Know-Your-Customer(KYC) utilities can help by allowing banks to centralise and share information about themselves with relevant counterparties.
- Limit your exposure: You should only do business with trusted counterparties – and only maintain relationships with those you trust.
- Understand the threat:Knowing your adversary is vital to protecting yourself against it. This goes hand-in-hand with sharing information around cyber-attacks.
The final point is particularly important as banks do not operate in a vacuum and are part of a wider ecosystem. They interact and transact with numerous counterparties on a daily basis. Sharing information will better enable the financial services community to defend itself against potential future cyber-attacks. Just consider, cyber criminals are doing the same thing.
The more relevant and timely intelligence information the financial community can share – through trusted channels – the better chance it has of avoiding or fending off an attack. SWIFT launched the SWIFT Information Sharing and Analysis Centre (SWIFT ISAC) to facilitate the community’s access to actionable cyber-security threat intelligence, enabling the community to better defend itself against potential future cyber-attacks.
Combating fraud is a challenge for the whole financial industry and there are no quick fixes. Cyber security will undoubtedly continue for the foreseeable future, but the threat can be turned into a manageable nuisance if financial organisations are vigilant, maintain robust cyber defences, and collaborate with each other as much as possible.
By Brett Lancaster, Head of Customer Security, SWIFT
Write to us firstname.lastname@example.org