Global inter-bank payment systems, SWIFT, has put its foot down after a series of hacks and breaches of several prominent banks has put into question the company’s security infrastructure. Gottfried Leibbrandt, the CEO of SWIFT, has publicly threatened member banks with expulsion from the SWIFT system due to the success of the cyber-attacks.
The days when you needed to break into a bank and carry guns and blow torches are over. You can now rob a bank from just your own PC and that does change the game completely.
– Gottfried Leibbrandt, Swift chief executive
Leibbrandt agrees that the breaches “changed the game completely” and the message aimed at the banks was in response to criticism of SWIFTs own cyber security. Furthermore, in a discussion with the Financial Times, Liebbrandt weighed the need to improve security with strict enforcement. Liebbrandt notes that inclusion in the SWIFT network should mean that the bank maintains a certain standard of security, however he also understands that that a happy medium is required, in which the requirements are not too strict, lest it lead to banks seeking laxer and unsafe alternatives.
Liebbrandt’s Financial Times interview comes on the coattails of their security improvement initiative which brings with it more stringent security and operations protocols, rigorous audits and certification best practices. To further bolster the process, SWIFTs new security protocols will be regulated both internally and externally by national and international governing bodies.
By far the biggest black eye to SWIFT came when cybercriminals almost stole nearly a billion dollars from the central bank of Bangladesh. A fluke spelling mistake in the name of one of the beneficiaries sent up a red flag and, with a bit of investigation, the majority of the funds transfers were stopped. Just step back from a moment and take in the severity of this example. When a security system must rely on luck or the ineptitude of criminals, it can neither be considered secured or a system, as the former would mean that the proper technology and resources are deployed to identify, analyze and act upon the issue, and the latter would suggest that redundancies are in place to guarantee that it would be handled correctly.
The aftermath of the attack on the Bangladeshi bank saw well known security company, Symantec, analyze the code the attackers used and linked it to those used by black hat operatives from a known North Korean syndicate. Renowned security firm, BAE Systems believes that it may be the work of the same group that launched the infamous attack on media giant, Sony.
Cyberterrorists are no joke and operate on a totally different league that your average hacktivist that operates out of their mother’s basement. These groups are well-organised, well-funded and well-educated. Facing these types of criminals, it is not only a good thing that SWIFT is stepping up their security, it is absolutely necessary. To SWIFTs credit, their open threat to the financial institutions currently utilising their system may very well be the swift kick (pardon the pun) that the banks needed to ensure that they push IT security to the top of their priority list. It would be to the detriment of all parties (including the customers) should they ignore this warning.