How information sharing can help organizations strengthen their cyber defenses
Keeping pace with the attackers
The nature and impact of fraud in industrial sectors has changed dramatically as adversaries improve their knowledge, tactics, techniques and procedures continuing to evolve. Attackers have sufficient resources and rush to use new technologies. Organizations must also remain vigilant to keep pace; cybersecurity is a pressing concern for businesses around the world.
The need has become even more acute with the Covid-19 pandemic. Organizations have had to adapt their processes, potentially accepting additional security risks. This included the shift of staff to work remotely, away from the secure office environment.
Cybercriminals have capitalized on the situation, changing their methods and creating new challenges for organizations, increasing the risk of crimes that target networks and devices. As a result, the pandemic has reinforced the way in which organizations must continue to put in place cyber risk management frameworks and ensure a culture of cyber awareness.
Role of the customer safety program
In 2016, SWIFT launched the Client Security Program (CSP) to help clients ensure the security of their SWIFT-related infrastructure and cybercrime defense, detection and recovery. The CSP is now well established, with a solid track record of supporting clients in managing cyber risks.
This is reflected in customer engagement, with strong rates of attestation of compliance with CSP controls; and strong fund recovery rates, with the vast majority of targeted funds being recovered. The CSP also evolves according to cyber threats, with updates, improvements and new features regularly supplemented.
Optimize the sharing of information on threats
In strengthening cyber defenses, an area of paramount importance is information sharing, as an attack on one organization can easily happen to another elsewhere in the world. The exchange of intelligence on cyber threats is essential to detect and prevent attacks.
Cybercriminals have been shown to work collaboratively to share intelligence, which means organizations need to do the same and better. One place to start is to ensure accessible and automatic API-enabled data flows that can support rapid action.
SWIFT shares threat information with its clients through its Analysis and Information Sharing Center (ISAC). A key new feature is the Malware Information Sharing Platform (MISP), which ISAC migrated to in February 2021. The easy-to-use MISP software is free and has several benefits. These include easier integration and connections; synchronization of threat events between servers for automatic threat flow; and the ability to recover data in multiple formats.
Ensure a solid payment infrastructure
For an effective approach to cybersecurity, organizations must also ensure, at all times, that they are putting in place robust detection measures. This includes real-time monitoring, alerting and blocking of suspicious outgoing payments, as well as the implementation of independent daily reports.
CSP participants looking to create a comprehensive fraud control system can use the CSP in conjunction with SWIFT’s Payment Control Tool (PCS) for Financial Crime Compliance (FCC). It is an intelligent networked solution combining real-time monitoring, alerting and blocking of payments. It provides the ability to define and control filtering parameters based on internal risk and compliance policies. This can provide an additional barrier against fraud, helping customers mitigate fraud attacks by detecting and preventing high-risk payments and supporting collection.
It is established that clients using PCS are in a good position to recover all funds following an attack. And, since the start of 2021, the CSP has started publishing the profile of higher risk counterparties, thus allowing PCS tuning to continue.
Use of attestation data for counterparty risk management
Whichever route an organization takes, it is essential to confirm that it only does business with trusted counterparties. One way to do this is to use CSP attestation data for counterparty risk management.
As a basis, SWIFT’s KYC Registry Security Clearance Application (KYC-SA) allows users to request attestation data from counterparties. It includes the Grant All feature, which simplifies the sharing and consumption of counterparty attestation data between all institutions.
However, some large banks, as early adopters, go further by using CSP attestation data for this purpose and integrating it into their cyber risk management frameworks. This is part of more accessible approaches to cybersecurity, to which SWIFT is committed. We strive to provide information on such approaches to our community.
We know that other organizations may face challenges in this area, including a lack of resources. As a result, we are working with several banks to identify the success factors involved in developing processes around using attestation data for this purpose and getting the most out of it.
As we continue to support clients through the CSP, we believe that using attestation data for counterparty risk management can help organizations strengthen their cyber defenses. It is also one of the many aspects of cybersecurity processes that reflects the value of information sharing.
To learn more about the CSP, including the expanded attestation requirements and the implementation of the Independent Assessment Framework, both with a year-end deadline, at www.swift.com