Cyber criminals an ‘evolving threat to FIs’

Written by Chris Lemmon

There has been a significant evolution on the cyber threat facing the global financial industry over the past 18 months as criminal have significantly advanced their knowledge, according to a new report from SWIFT.

The report evaluates cyber attacks on customers around the world, analysing the sophistication of the attackers’ tactics and techniques. Based on the insights gained, the report published how users can protect themselves better against the cyber threat – called the SWIFT Customer Security Programme.

Under the programme, a core set of mandatory controls that aim at enhancing customers’ security baselines. The controls have been provided to all SWIFT customers, who have until 31 December 2017 to self-attest their compliance against them.

Dries Watteyne, SWIFT’s head of customer security intelligence, said: “The inevitable criminal focus on the financial industry means that the community needs to ensure that it has effective cyber defences against well-funded, motivated and organised attackers. Threat intelligence and information sharing is a critical part of that.”

Karel De Kneef, security operations director at SWIFT, added: “In any single attack a mix of malicious files will often be used, whether that be to acquire credentials or to bypass authentication requirements; to learn how internal operations or messages work; to create distractions and delay local security teams’ responses; or to securely delete log files and other traces of the attacks.

“While the attackers’ sophistication is clearly on the rise, in all cases, they have relied on basic security weaknesses in the targeted customers’ perimeter and internal network security. The determination, patience and cunning the attackers are demonstrating makes it more imperative than ever that customers rapidly deploy and maintain all basic cyber hygiene tools and measures.”