Story image

Securing SWIFT networks vitally important for cyber attack prevention

11 May 18

Businesses that use the SWIFT network must comply with SWIFT’s Customer Security Programme (CSP) or face the risk of attacks.

Those attacks, which can cost both organisations and their customers money, can be prevented with a strong security posture and absolute visibility, says ForeScout. The company believes that visibility should be non-negotiable.

ForeScout CMO Steve Redman explains that SWIFT is a banking communications platform that manages most financial transfers between banks and organisations.

“The number and severity of cyber attacks targeting SWIFT networks is growing. However, attacks happen entirely through the customer enterprise, as opposed to the infrastructure that SWIFT owns and operates, putting the onus for security squarely on banks and businesses,” he says.

The SWIFT Customer Security Programme (CSP) is designed to drive security improvement and transparency for the world’s financial community, and also to help customers prevent cyber fraud.

“SWIFT hacks happen when cybercriminals get in between the customer’s network and the SWIFT network. There, they can change or reroute messages and even currency, making a successful SWIFT hack highly lucrative for cybercriminals,” Redman continues.

“It is therefore absolutely critical to gain 100 per cent visibility into all SWIFT components. 99.999999%  isn’t good enough. From clients and servers to gateway devices and network fabric, no part of the network should remain invisible. Many of these devices can’t or shouldn’t run agents but that shouldn’t prevent customers from gaining visibility into them. They simply need to run an agentless solution to get that visibility. Anything left unseen is a potential attack vector.”

ForeScout says the CSP provides a common set of security standards and requirements, not just a technology solution. It includes three key objectives: secure the environment; know and limit access; and detect and respond to threats. 

There are also eight principles that govern the CSP:

1.  Restrict internet access
2.  Protect critical systems from the general IT environment
3.  Reduce attack surface and vulnerabilities. 
4.  Physically secure the environment
5.  Prevent compromise of credentials
6.  Manage identities and segregate privileges
7.  Detect anomalous activity
8.  Plan for incident response and information sharing

“It’s also essential to understand the context and severity of risks and potential consequences so the customer can take intelligent action to mitigate that risk. Customers need to be able to control how risks are dealt with so the entire system doesn’t come to a stop just because someone forgot their password, for example,” Redman says.

“There is no silver bullet to prevent SWIFT attacks but organisations can make themselves very unattractive targets by hardening their security and gaining that complete visibility,” he concludes.

Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.