Keeping pace with attackers
The nature and impact of fraud across industry sectors has evolved significantly as adversaries have advanced their knowledge, with tactics, techniques and procedures continuing to change. Attackers are well-resourced, and racing to make use of new technologies. Organisations also need to remain vigilant to keep pace; for companies across the world cybersecurity is a pressing concern.
The need has become even more acute with the Covid-19 pandemic. Organisations have had to adapt processes, potentially accepting additional security risks. This has included staff changing to remote working, away from the secure office environment.
Cybercriminals have capitalised on the situation, changing their methods and creating new challenges for organisations, increasing the risk of crimes that target networks and devices. As a result, the pandemic has reinforced how organisations must continue to build up cyber-risk management frameworks and ensure a cyber-aware culture.
Role of the Customer Security Programme
In 2016, SWIFT launched the Customer Security Programme (CSP) to help customers ensure the security of their SWIFT-related infrastructure, and to defend against, detect and recover from cyber-crime. The CSP is now well established, with a strong track record for supporting customers with cyber risk management.
This is reflected in customer participation, with solid rates of attestation around compliance with CSP controls; and solid fund recovery rates, with the vast majority of funds targeted being recovered. The CSP also progresses in line with cyber-threats, with updates, enhancements and new features regularly completed.
Optimising threat intelligence sharing
In strengthening cyber defences, an area of paramount importance is information sharing, because an attack on one organisation can easily happen to another elsewhere in the world. The exchange of cyber-threat intelligence is critical for detecting and preventing attacks.
It’s established that cybercriminals work collaboratively to share intelligence, meaning that organisations must do the same and better. A starting point involves ensuring accessible, automatic API-enabled data feeds that can support timely action.
SWIFT shares threat intelligence with customers via its Information Sharing and Analysis Centre (ISAC). A key new feature is the Malware Information Sharing Platform (MISP), to which the ISAC migrated in February 2021. The easy-to-use MISP software is free and brings several benefits. These include easier onboarding and log-ins; synchronisation of threat events between servers for an automatic threat feed; and the ability to retrieve data in multiple formats.
Ensuring a strong payments infrastructure
For an effective approach to cybersecurity, organisations also need to ensure, on an ongoing basis, that they are putting in place strong detection measures. This includes real-time monitoring, alerting and blocking of suspicious outgoing payments, and implementing independent daily reporting.
CSP participants looking to build a comprehensive fraud control system can use the CSP in conjunction with SWIFT’s Financial Crime Compliance (FCC) tool Payment Controls (PCS). This is an intelligent in-network solution combining real-time monitoring, alerting and blocking of payments. It brings the ability to define and control screening parameters according to internal risk and compliance policies. This can serve as an additional barrier against fraud, helping customers to mitigate fraudulent attacks by detecting and preventing high-risk payments and supporting recovery.
It’s established that customers using the PCS are well positioned to recover all funds following an attack. And, since early 2021, the CSP has started to publish the profile of higher risk counterparties, enabling further PCS tuning.
Using attestation data for counterparty risk management
Whatever route an organisation takes, it is vital to confirm that they are only doing business with trusted counterparties. One way in which this can be achieved is through using CSP attestation data for counterparty risk management.
As a basis, SWIFT’s KYC Registry Security Attestation Application (KYC-SA) allows users to request attestation data from counterparties. It includes the function Grant All, which simplifies the sharing and consumption of counterparty attestation data amongst all institutions.
However some leading banks, as early adopters, are going further in using CSP attestation data for this purpose, and integrating it into their cyber risk management frameworks. This forms part of more accessible approaches to cybersecurity, to which SWIFT is committed. We are focused on delivering insights on approaches of this type to our community.
We know that other organisations may face challenges in this area, including a lack of resources. As a result, we are working with several banks to identify the success factors involved in developing processes around using attestation data for this purpose and getting the most value from it.
As we continue to support customers via the CSP, we believe that using attestation data for counterparty risk management can help organisations to strengthen their cyber defences. It is also one of the many aspects of cybersecurity processes which reflects the value of information sharing.
Find out more about the CSP, including expanded attestation requirements and the implementation of the Independent Assessment Framework, both with a year-end deadline, at www.swift.com