Information sharing and community cooperation to reduce cyber risks
Brussels, 20 May 2016 - SWIFT
SWIFT has delivered the following customer communication to all its users, providing an update on the steps we are taking in light of the recent customer security issues.
Dear SWIFT User,
SWIFT has recently shared information regarding a number of fraudulent payment cases where affected customers suffered a breach in their local payment infrastructure. We would like to reassure you again that SWIFT’s network, services and software were not compromised. While customers are responsible for the security of their own environment, security is our top priority and as an industry owned cooperative we are committed to helping our customers fight against cyber-attacks.
In this letter, we provide you with an update on the steps that we are taking in light of these recent customer cases, and on specific measures we need you to take to ensure that our community is using its collective force to reduce the risk of cyber intrusions.
Information sharing approach
SWIFT will continue to notify you as soon as possible of any cases of malware known to us so that you can better target your preventative and detective efforts in your local environment. We will also continue to share best practices to help all our users improve their security as we have been doing very proactively over recent months. We are currently working to further reinforce our support to customers in securing their access to the SWIFT network; we are receiving feedback from the relevant board committee and overseers in the coming days and will be sharing plans with the wider community. We will provide further information on a new programme shortly.
Given that we are a global community, we need to share relevant cyber information amongst ourselves. To improve information sharing, as a first step, we will be centralising all new and existing security information in our Knowledge Base in the restricted customer section on SWIFT.com.
We will update this tip with relevant information, including any new customer malwares or other indicators of compromise (IOCs) supporting the same modus operandi we have seen in the previous cases. We recommend that you have your IT security team review this information today and on an ongoing basis.
Going forward, all new and relevant information related to cyber incidents at customers’ institutions known to us will be posted in the Knowledge Base on SWIFT.com, allowing your security team to have the most up to date information, which should enhance their ability to react and respond.
Furthermore to help you stay up to date, you can find all of our public statements on security matters on our homepage SWIFT.com.
Collaboration against cyber-threats
The security of our global financial community can only be ensured through a collaborative approach among SWIFT, its users, its central bank overseers and third party suppliers. SWIFT is fully committed to leading the community effort. To this end, it is essential that you share critical security information related to SWIFT with us.
We specifically remind all users to respect their obligations to immediately inform SWIFT of any suspected fraudulent use of their institution’s SWIFT connectivity or related to SWIFT products and services. In such cases SWIFT may require certain diagnostic information from you as set out in our terms and conditions (14.2.2).
Your organisation’s role in this effort is critical. Incorporating these steps as part of your security protocol will allow SWIFT to better support your institution in solving any issues that may arise, to understand any patterns between cases, and to provide general advice and alerts to other users in order to protect them from similar cases. Any information shared will be treated confidentially within the existing framework between SWIFT and its users.
We appreciate you working together with us to further reinforce the security of the global banking system.
SWIFT is a global member-owned cooperative and the world’s leading provider of secure financial messaging services.
We provide our community with a platform for messaging and standards for communicating, and we offer products and services to facilitate access and integration, identification, analysis and financial crime compliance.
Our messaging platform, products and services connect more than 11,000 banking and securities organisations, market infrastructures and corporate customers in more than 200 countries and territories, enabling them to communicate securely and exchange standardised financial messages in a reliable way. As their trusted provider, we facilitate global and local financial flows, support trade and commerce all around the world; we relentlessly pursue operational excellence and continually seek ways to lower costs, reduce risks and eliminate operational inefficiencies.
Headquartered in Belgium, SWIFT’s international governance and oversight reinforces the neutral, global character of its cooperative structure. SWIFT’s global office network ensures an active presence in all the major financial centres.
Brunswick Group LLP
Tel: +44 (0)20 7404 5959