A Swift Path to Securing Trust in the Financial Services

The global financial services industry continues to come under siege by increasingly sophisticated cyber-attacks.Nearly 50 percent of global financial companies have suffered a breach as reported by the 2017 Thales Data Threat Report[1]. The impact is costly since on average financial companies globally will likely incur over $6 million for a single data breach.

Further information from the field have exposed numerous cases of security breaches and vulnerabilities. Few notable examples include the $81 million Bangladesh Bank Heist and the attacks on banks in the Nepal and Taiwan that resulted in over $60 million of fraudulent transfers that were routed to several countries across the globe, including the United States[2]. These events underline that many financial companies are at risk.

The data has proven that a reactive security posture is not sustainable. The attractiveness of financial services to cyber criminals, coupled with the rapid technological advances, place additional burdens on these companies, and the industry. Therefore, financial companies need innovative, relevant and dynamic security solutions to keep criminals at bay, secure their environment, manage access and detect and respond to threats in a timely and effective manner.

To strengthen the global banking system against growing cyber threats, the SWIFT Customer Security Control Framework(CSCF) was developed as part of the customer security program in 2016 which mandates that all SWIFT users attest their current level of compliance with the mandatory controls by December 31, 2017. The SWIFT Customer Security Control Framework describes the security requirements for SWIFT customers. It consists of 16 mandatory controls and 11 advisory controls. These controls are supported by 3 security objectives and 8 guiding principles rooted in securing the environment, knowing and limiting access, and detecting and responding to security incidents or events.

While many financial companies are preparing to meet or have already met the December 31, 2017 deadline, it is important to emphasize that:

• The security baseline is evolutionary;
• The mandatory compliance exercise is due at least every 12 months thereafter; and
• All users must meet these mandatory requirements irrespective of whether they connect to SWIFT directly or not.

Attaining a high level of assurance can be a daunting effort. Therefore, a company will require, at a minimum, focused security strategies and policies, continuing investments in sound security infrastructure and skilled expertise to design, deploy and monitor the myriad of security controls.

The growing compliance requirements may appear overwhelming to an internal security team, especially those with certain resource constraints. Still, improved compliance measures will provide better assurance to the customers and business partners. Additional advantages for financial companies undertaking to meet improved compliance requirements include the opportunity to:

• Develop and build trust in thecompany?s services;
• Provide a cost-effective approach to managing risks;
• Improve the likelihood of alignment of the company?s security controls to international standards such as PCI-DSS, ISO27002 and NIST;
• Reduce the risk of breach of customers? data or intellectual assets;
• Better manage the company?s reputation and brand;
• Improve the company?s security profile; and
• Reduce the risk of financial penalties.

Wilson Consulting Group(WCG) has supported and stands ready to assist companies to not only detect, respond, and prevent cyber-attacks but to also support their growing compliance requirements. Our SWIFT Assessment Security Services delivered by our experienced and qualified team include Gap analysis, Remediation services and Attestation services. WCG has the knowledge, skills and capacity to deliver the best results at a competitive price.

Let us help you to meet your compliance needs!

[1] 2017 Thales Data Threat Report, Financial Services Edition

[2] Bank info security, https://www.bankinfosecurity.asia