With only a month remaining before the SWIFT Customer Security Controls Framework compliance mandates kick in (self-attestation is due by the end of December 2017), time is running out for many banking, financial, and enterprise organizations (yes, many large companies are directly connected to the SWIFT network, operating their own internal banks).
While regulatory compliance is frequently regarded as an onerous administrative overhead that provides minimal benefit, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) is responding directly to an increasing number of damaging attacks on its services, orchestrated from within its customers’ environments. The Bangladesh Bank hack, which saw thieves steal $81m, has been joined by recent attacks on Far Eastern International Bank and Nepal’s NIC Asia Bank. According to Karel De Kneef, Director of Security Operations at SWIFT, these types of attacks have exploited “basic security weaknesses in the targeted customers’ perimeter and internal network security.”
Many organizations clearly aren’t adequately executing on cyber security fundamentals, and, starting January 2018, the SWIFT response (pun intended) is to start naming and shaming those organizations that haven’t achieved compliance.
As De Kneef has underscored, “The determination, patience and cunning the attackers are demonstrating makes it more imperative than ever that customers rapidly deploy and maintain all basic cyber hygiene tools and measures, comprehensively adhere to recommended security controls, and incorporate all the elements set out in Swift’s Customer Security Programme.”
Every organization, SWIFT customer or not, should be focusing on sound security fundamentals to protect its environment and the sensitive data it holds or handles. BeyondTrust published a white paper to make it easy to understand how our privileged access and vulnerability management solutions map to SWIFT mandates. Download the white paper now.
And, if you have specific questions on how BeyondTrust solutions can condense your attack surface, improve your security posture, and simplify your path to SWIFT compliance, please contact us.

Brian Chappell, Chief Security Strategist
Brian has more than 30 years of IT and cybersecurity experience in a career that has spanned system integrators, PC and Software vendors, and high-tech multi-nationals. He has held senior roles in both the vendor and the enterprise space in companies such as Amstrad plc, BBC Television, GlaxoSmithKline, and BeyondTrust. At BeyondTrust, Brian has led Sales Engineering across EMEA and APAC, Product Management globally for Privileged Password Management, and now focuses on security strategy both internally and externally. Brian can also be found speaking at conferences, authoring articles and blog posts, as well as providing expert commentary for the world press.