Muscat: Three years after the cyberattack on Bangladesh Bank, and the subsequent launch of SWIFT’s Customer Security Programme (CSP), SWIFT’s study of cyberattacks on banks, evidences how efforts to promote robust cyber security standards, the introduction of security-enhancing tools and an increase in the scope and quality of cyber threat intelligence sharing, are paying off.
Based on investigations conducted over the last 15 months, the report shows how closer industry collaboration resulted in the quick identification of financial institutions targeted by cyber criminals – in most cases, before attackers were even able to generate fraudulent messages. In particular, the exchange of relevant and timely cyber threat intelligence has proved critical in effectively detecting and preventing attacks.
Dries Watteyne, Head of Cyber Security Incident Response Team at SWIFT,said: “SWIFT’s threat intelligence sharing has highlighted the changes to cyber criminals’ tactics, techniques and procedures used in attempted attacks, enabling industry participants to understand and respond to the increasingly sophisticated nature of cyber threats. In this report, SWIFT reveals important information about the evolving payment profile to enable more accurate detection through business indicators. It is encouraging that detection rates of attempted attacks are increasing, but we need to be mindful that malicious actors adapt rapidly. The industry must continuously strengthen and diversify its defences, investigate incidents and share information.”
Brett Lancaster, Head of Customer Security, said: “These cases show how SWIFT solutions including our Daily Validation Reports tool, our Payment Controls Service and the gpi Stop and Recall facility can all have real, positive impact. They also evidence the importance of implementing security controls and of understanding and mitigating against cyber risks presented by counterparties. This is why more and more customers are turning to SWIFT’s KYC-Security Attestation utility to consume that information.”