A Swift Path to Securing Trust in the Financial Services

The global financial services industry continues to come under siege by increasingly sophisticated cyber attacks.Nearly 50 percent of global financial companies have suffered a breach as reported by the 2017 Thales Data Threat Report .


Call Us Today
The global financial services industry continues to come under siege by increasingly sophisticated cyber attacks.Nearly 50 percent of global financial companies have suffered a breach as reported by the 2017 Thales Data Threat Report .The impact is costly since on average financial companies globally will likely incur over $6 million for a single data breach .

Further information from the field have exposed numerous cases of security breaches and vulnerabilities. Few notable examples include the $81 million Bangladesh Bank Heist and the attacks onbanks in the Nepal and Taiwan that resulted in over $60 million of fraudulent transfers that were routed to several countries across the globe, including the United States .These events underline that many financial companies are at risk.

The data has proven that a reactive security posture is not sustainable.The attractiveness of financial services to cybercriminals, coupled with the rapid technological advances,place additional burdens on these companies, and the industry. Therefore, financial companies need innovative, relevant and dynamic security solutions to keep criminals at bay, secure their environment, manage access and detect and respond to threats in a timely and effective manner.

In an effort to strengthen the global banking system against growing cyberthreats, the SWIFT Customer Security Control Framework was developed as part of the customer security programme in 2016 which mandates that all SWIFT users attest their current level of compliance with the mandatory controls by December 31, 2017.The SWIFT Customer Security Control Framework describes the security requirements for SWIFT customers. It consists of 16 mandatory controls and 11 advisory controls, Figure 1. These controls are supported by 3 security objectives and 8 guiding principles rooted in securing the environment, limiting access, and detecting and responding to security incidents or events.

    While many financial companies are preparing to meet or have already met the December 31, 2017 deadline, it is important to emphasize that:

  • The mandatory security baseline is evolutionary;
  • The mandatory compliance exercise isdueevery 12 months thereafter; and
  • All users must meet these requirements irrespective of whether they connect to SWIFT directly or not

Attaining a high level of assurance can bea daunting effort. Therefore, a company will require, at a minimum, focused security strategies and policies, continuing investments in sound security infrastructure and skilled expertise to design, deploy and monitor the myriad of security controls.

The growing compliance requirements may appear overwhelming to an internal security team, especially those with certain resource constraints. Still, improved compliance measures will provide better assurance to the customers and business partners. Additional advantages forfinancial companies undertaking to meet improved compliance requirementsinclude the opportunity to:

  • develop and build trust in thecompany’s services;
  • provide a cost-effective approach to managing risks;
  • improve the likelihood of alignment of the company’s security controls to international standards such as PCI-DSS, ISO27002 and NIST;
  • reduce the risk of breach of customers’ data or intellectual assets;
  • better manage the company’s reputation and brand;
  • improve the company’s security profile; and
  • reduce the risk of financial penalties.

WCGhas supported and stands ready toassist companies to not only detect, respond, and prevent cyber-attacks but to also support their growing compliance requirements. TheSWIFT Assessment Security Services provided by our experienced and qualified team include Gap analysis, Remediation services and Attestation services.WCG has the knowledge, skills and capacity to deliver the best results at a competitive price.

Let us help you to meet your security mandates.