SWIFT threat to weed out weakest links

Recent high-level attacks on member banks could force SWIFT to suspend the membership of those whose cyber security level is weak, says its chief executive officer (CEO).

In interviews with the Financial Times and Reuters, Gottfried Liebbrandt indicated that the global financial messaging service might need to scale back some of its operations to help pay for planned new security initiatives.

A number of banks using the SWIFT network have suffered actual or attempted thefts in recent months. The most notable was the theft last February of US$81m (£56m) from Bangladesh’s central bank, by criminals sending fraudulent payment instructions via SWIFT,

“The days when you needed to break into a bank and carry guns and blow torches are over,” Leibbrandt told the FT. “You can now rob a bank from just your own PC and that does change the game completely.”

In his separate interview with Reuters, he said that before February he had been unaware of any attempts to hack into a bank’s SWIFT terminal and focused SWIFT’s security activities on its own infrastructure.

After the Bangladesh heist, other banks came forward and revealed they had been victims of attacks. SWIFT discovered, by examining inquiries to its customer support department, that other banks had also likely been compromised.

Responding to the news that SWIFT might remove banks with weak cyber defences from its network, David Kennerley, director of threat research at cybersecurity firm Webroot, commented: “The monetary gains from financial cybercrime can be incredibly high. I hope this development represents a new chapter for SWIFT, understanding that good security posture of their payment ecosystem is reliant on more than just a ‘secure’ application.

“It’s also essential that the network and devices where the systems reside are as secure as possible – with users trained to spot and report anomalies as quickly as possible while following a well-defined set of security practices.

“Minimum cybersecurity standards should be welcomed across the industry, but the risk of driving people to unsafe channels is real. SWIFT needs to help educate organisations and support them to meet the minimum network standards. The fact is, cybercriminals only need to find one hole in the defence, while as security professionals we have to secure all.

“It’s never going to be an easy task, but education and relevant processes, combined with the relevant technologies, the sharing of information and best practices gives SWIFT users and organisations in general the best possible chance to mitigate the risks associated with cybercrime.”

The FT noted that it is rare for SWIFT to exclude banks from its network, which processes 25m messages a day for billions of dollars’ worth of transfers. Ian exception was in 2012, when it was forced to exclude some Iranian banks because of European sanctions, but they were reconnected this year when sanctions were lifted.


Related reading