In 2015 and 2016, a wide range of cyber-attacks using the SWIFT banking network were reported, resulting in the theft of millions of dollars. The hackers exploited vulnerabilities in the banking system and gained access to the banks’ SWIFT credentials. Following this series of attacks, SWIFT established the Customer Security Program, a new regime of mandatory controls for all financial institutions, to support customers in fighting cyber-attacks.
What is SWIFT?
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is the world’s largest digital messaging network used by financial institutions. It carries financial transaction orders between institutions, identified by SWIFT codes, in a safe, secure and standardized way.
Addressing SWIFT CSP
In 2016, SWIFT introduced its Customer Security Program (CSP) as a measure to improve security and transparency across the global financial community. The key focus areas of SWIFT CSP are given below:
- Secure & Protect: Secure and protect your local SWIFT environment from cyber-attacks and fraud.
- Prevent & Detect: Prevent and detect security risk in your counterparty relationships.
- Share & Prepare: Continuously share information and prepare to defend against future attacks.
To enhance cybersecurity, all institutions were required to self-attest to an initial set of mandatory controls by 2017. Furthermore, several advisory controls were also established as best practices for organizations to improve their security hygiene.
Customers are required to implement all mandatory controls. The advisory controls, by contrast, are provided to reduce the attack surface and vulnerabilities, to detect anomalous activity in systems or transaction records, and to plan for incident response and information sharing. These controls should ideally be selected after performing risk assessments.
- SWIFT CSP Gap Assessment
- SWIFT CSP Attestation
- CSCF Remediation Service
SWIFT CSP Remediation Services
- Privileged Access Management
- Hardening & Patching
- Vulnerability Scanning & Penetration Tests
- Identity Management & Multi-factor Authentication
- Logging & Monitoring
- Incident Response Planning
Why must a SWIFT CSP Assessment be done by a SWIFT-listed agency?
A SWIFT-listed cybersecurity service provider has access to a vast knowledge base offered by SWIFT. Also, companies like ValueMentor have conducted numerous SWIFT CSP assessments and attestations, which enables customers to benefit from agency experience in protecting and defending their SWIFT infrastructure through efficient implementation of the SWIFT CSCF (Customer Security Control Framework).
For detailed information on SWIFT CSP services,
* SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory, and SWIFT customers are not required to use providers listed in the directory.