Recent high-level attacks on member banks could force SWIFT to suspend the membership of those whose cyber security level is weak, says its chief executive officer (CEO).
In interviews with the Financial Times and Reuters, Gottfried Liebbrandt indicated that the global financial messaging service might need to scale back some of its operations to help pay for planned new security initiatives.
A number of banks using the SWIFT network have suffered actual or attempted thefts in recent months. The most notable was the theft last February of US$81m (£56m) from Bangladesh’s central bank, by criminals sending fraudulent payment instructions via SWIFT,
“The days when you needed to break into a bank and carry guns and blow torches are over,” Leibbrandt told the FT. “You can now rob a bank from just your own PC and that does change the game completely.”
In his separate interview with Reuters, he said that before February he had been unaware of any attempts to hack into a bank’s SWIFT terminal and focused SWIFT’s security activities on its own infrastructure.
After the Bangladesh heist, other banks came forward and revealed they had been victims of attacks. SWIFT discovered, by examining inquiries to its customer support department, that other banks had also likely been compromised.
Responding to the news that SWIFT might remove banks with weak cyber defences from its network, David Kennerley, director of threat research at cybersecurity firm Webroot, commented: “The monetary gains from financial cybercrime can be incredibly high. I hope this development represents a new chapter for SWIFT, understanding that good security posture of their payment ecosystem is reliant on more than just a ‘secure’ application.
“It’s also essential that the network and devices where the systems reside are as secure as possible – with users trained to spot and report anomalies as quickly as possible while following a well-defined set of security practices.
“Minimum cybersecurity standards should be welcomed across the industry, but the risk of driving people to unsafe channels is real. SWIFT needs to help educate organisations and support them to meet the minimum network standards. The fact is, cybercriminals only need to find one hole in the defence, while as security professionals we have to secure all.
“It’s never going to be an easy task, but education and relevant processes, combined with the relevant technologies, the sharing of information and best practices gives SWIFT users and organisations in general the best possible chance to mitigate the risks associated with cybercrime.”
The FT noted that it is rare for SWIFT to exclude banks from its network, which processes 25m messages a day for billions of dollars’ worth of transfers. Ian exception was in 2012, when it was forced to exclude some Iranian banks because of European sanctions, but they were reconnected this year when sanctions were lifted.
Forecasts for 2016-2020 place Africa as the second fastest growing region in the world (at a compound annual growth rate (CAGR) of 4.3%), just below Emerging Asia.
Data from Swift’s latest RMB tracker shows exceptional growth in RMB adoption in the United Arab Emirates (UAE), witnessing a 210.8% growth in payments value of the currency since August 2014, albeit from a low base.
SWIFT has announced that it has successfully completed the first phase of the global payments innovation (GPI) initiative pilot, clearing the way for the go-live of the service in early 2017.
Sentiment in the financial services sector deteriorated in the three months to September, as firms digested the challenges of lower interest rates and the uncertainty caused by the vote to leave the European Union (EU), according to the latest CBI/PwC Financial Services Survey.