As SWIFT Compliance Deadline Nears, New Attacks Raise the Stakes

With only a month remaining before the SWIFT Customer Security Controls Framework compliance mandates kick in (self-attestation is due by end of December 2017), time is running out for many banking, financial, and enterprise organizations (yes, many large companies are directly connected to the SWIFT network operating their own internal banks). While regulatory compliance is frequently regarded as an onerous administrative overhead that provides minimal benefit, The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is responding directly to an increasing number of damaging attacks on its services, orchestrated from its customers. The Bangladesh Bank hack, which saw thieves steal $81m has been joined by recent attacks on Far Eastern International Bank and Nepal’s NIC Asia Bank. According to Karel De Kneef, Directory of Security Operations at SWIFT, these types of attacks have exploited “basic security weaknesses in the targeted customers’ perimeter and internal network security.” Many organizations clearly are aren’t adequately executing on cyber security fundamentals, and, starting January 2018, the SWIFT response (pun intended) is to start naming and shaming those organizations that haven’t achieved compliance. As Kneef has underscored, “The determination, patience and cunning the attackers are demonstrating makes it more imperative than ever that customers rapidly deploy and maintain all basic cyber hygiene tools and measures, comprehensively adhere to recommended security controls, and incorporate all the elements set out in Swift’s Customer Security Programme.” Every organization, SWIFT customer or not, should be focusing on the sound security fundamentals to protect their environment and the sensitive data they hold/handle. BeyondTrust published a white paper to make it easy to understand how our privileged access and vulnerability management solutions map to SWIFT mandates. Download the white paper now. And, if you have specific questions on how BeyondTrust solutions can condense your attack surface, improve your security posture, and simplify your path to SWIFT compliance, please contact us.