Transferring money from our bank accounts has never been easier than it is today. With a single click on our smartphones, we can transfer money from a bank account in New York to an account at a different bank in the Netherlands.
This advancement is largely a result of the fluent communication between banks around the world, facilitated by SWIFT, the Society for Worldwide Interbank Financial Telecommunication.
Founded in 1973, SWIFT is an organization providing banks and financial institutions worldwide with a communications network that allows them to execute financial transactions in a secure and standardized way. Over time, SWIFT has become synonymous with financial communications, so much so that the majority of the world’s financial institutions use it.
Technological progress aside, being the sole guardian of most of the world’s money as it’s transferred between institutions is a position that comes with great risk. As such, SWIFT has become a magnet for white-collar scams and hackers preying on the biggest money highway in the world. The past two years alone have seen at least three successful attacks on SWIFT servers, while unsuccessful ones are carried out daily by hackers around the world.
In 2016, using SWIFT credentials, hackers were able to steal $81 million by sending a dozen transfer requests to the Federal Reserve Bank of New York, asking to transfer millions of dollars out of the Bank of Bangladesh’s funds and into different accounts in the Far East.
In November of 2017, hackers attacked the SWIFT servers of a Nepalese bank, stealing a total of $4.4 million and moving it to the US, UK and Japan using fraudulent SWIFT messages. Only a month later, hackers attempted to steal 55 million rubles from the Russian state bank Globex using the same method. They were stopped and managed to steal only about $100,000.
The surge in hacking attacks on SWIFT didn’t happen in a vacuum. It is a direct result of the technological advances hackers have made and the growing sophistication of their methods. And because SWIFT handles trillions of dollars daily, hackers go out of their way to succeed.
In response to these latest attacks, SWIFT called on its more than 11,000 linked financial institutions to enforce a Customer Security Program (SWIFT CSP) by December 31, 2018. The program contains a number of mandatory protection methods, which all SWIFT organizations must enforce by the deadline.
Lowering Risk, Increasing Security
To meet the aggressive deadlines, and effectively implement a SWIFT CSP compliance program, many organizations are turning to third-party security solutions that can assist and automate monitoring and protection of vulnerable systems. Below is a list of SWIFT CSP requirements and some examples of how third-party solutions can help to protect databases and data flow.
SWIFT Environment Protection
SWIFT requires all members to ensure the protection of the user’s local SWIFT infrastructure from potentially compromised elements that originate in the general IT environment or external environment surrounding the SWIFT server.
For database infrastructure, a robust database firewall addresses this requirement by functioning as a buffer between the SWIFT system and connected database components, preventing unauthorized access to relevant data records.
Internal Dataflow Security
This requirement is meant to guarantee the confidentiality, integrity, and authenticity of data flows between the local SWIFT-related applications and their link to the operator PC.
One way this requirement could be met is to deploy a web application firewall (WAF) to secure the connection between the user’s PC and the local SWIFT application (if web-based) to block unauthorized access.
SWIFT urges its members to minimize the occurrence of known technical vulnerabilities within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk.
Organizations wishing to follow this requirement can do so by setting up a system that supports vulnerability assessments for databases in the SWIFT environment. This way members can ensure that the most recent security updates are installed on the operating system and the database.
According to the CSP, members must ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy.
It’s important that the password policy is applied consistently across all the applications of an organization’s SWIFT infrastructure. As a best practice, many organizations use security solutions that actively scan for policy violations, such as weak passwords that could compromise the security of the network, and alert them when one is found.
Logical Access Control
SWIFT requires members to enforce the security principles of need-to-know access, least privilege, and segregation of duties for operator accounts.
To meet this requirement, organizations can often use capabilities built into their software to establish user roles and access control lists. However, these too should be continuously monitored for compliance, which is best done by deploying a security solution that detects attempts to breach system privileges and alerts the organization to them.
Logging and Monitoring
All members of the SWIFT network must utilize a logging system that is able to record activity such as system logins, user IDs, network IPs, messages sent, message recipients, transaction details, and other information – then establish procedures to continuously monitor the system.
Many organizations lack the resources and skills to effectively analyze real-time events or search through massive amounts of log data and identify which log entries might indicate a threat or breach. Security monitoring tools can help automate the process using machine learning and artificial intelligence, filtering out “noise” while quickly identifying events that could indicate a serious risk and sending immediate notification or stopping the activity.
Cyber Incident Response Planning
To adhere to the CSP terms, members are required to put in place a consistent and effective approach for the management of cyber incidents.
This is a procedural requirement, and the ongoing management it demands can be time consuming and costly. Organizations can greatly simplify the process and reduce costs by using solutions that automate it: monitoring activity by policy, identifying, detecting and alerting on risks, and helping stop potential breaches in real time.
Shortening the SWIFT Compliance Process
Organizations and institutions wanting to ensure their place on the SWIFT white list can use third-party solutions to simplify SWIFT CSP compliance. Imperva offers solutions that lighten the load, saving the organization precious time and effort.
Imperva SecureSphere provides a unified security platform that monitors and protects applications, data flows and databases. SecureSphere provides options for a Web Application Firewall (WAF), Database Vulnerability Assessment and Monitoring, and a Database Firewall (DBF).
A combination of SecureSphere and CounterBreach, Imperva’s behavioral analytics solution that detects risky data access behaviors, will provide maximized security for financial institutions seeking compliance for inclusion in the SWIFT network.