SWIFT engages expert cyber security firms and establishes dedicated Customer Security Intelligence team
SWIFT’s Customer Security Programme advances as information sharing initiative delivers early results
Brussels, 11 July, 2016 – SWIFT has engaged expert cyber security firms BAE Systems (*) and Fox-IT (**) and created a dedicated Customer Security Intelligence team, bringing together a strong group of IT and cyber experts to investigate security incidents within customer environments.
The expert firms will complement SWIFT’s in-house cyber security expertise and work closely with SWIFT’s newly formed Customer Security Intelligence team to support SWIFT’s customer information sharing initiative and to help strengthen cyber security across the global SWIFT community.
The information sharing initiative is a key part of SWIFT’s recently launched Customer Security Programme. Under this initiative SWIFT is assisting its community by undertaking forensic investigations on customer premises related to SWIFT products and services. These will complement the internal investigations being carried out by affected customers. SWIFT is also feeding related intelligence – in anonymised form – back to the wider SWIFT community in order to help prevent future frauds in customer environments.
SWIFT’s information sharing initiative has grown significantly since its launch, and now includes detailed intelligence and analysis on the modus operandi of attackers in recent customer fraud cases. In addition SWIFT has published an inventory containing some of the specific malware used in reported attacks, as well as indicators of compromise (IoCs) that SWIFT has developed to assist other customers in detecting threats operating in their environments.
Menno van der Marel, co-founder and CEO of Fox-IT, said: “Fox-IT is pleased to support SWIFT on this important initiative. SWIFT operates on a high security maturity level and we will be working closely together both supporting their cyber forensics analysis work, as well as helping them share anonymised information with the community.”
BAE Systems Director of Cyber Services, James Hatch, added: “The inevitable criminal focus on the heart of the financial system means that the financial services industry needs to ensure it has effective cyber defences against well-funded, motivated and organised attackers. It is vital the industry works together both to defend systems and networks, and we are pleased to be working with SWIFT to help protect the mutual trust on which the financial system depends.”
SWIFT will continue with its efforts to gather and share anonymised customer security information with its community to help prevent future fraud cases and to facilitate information sharing on best practices and innovation in cyber defence. SWIFT is also sharing relevant security information with its oversight bodies, appropriate Information Sharing and Analysis Centre (ISAC) groups and other forensic firms.
SWIFT Chief Technology Officer, Craig Young, added: “Customer intelligence, including intelligence related to attacks that have ultimately failed, is crucial to helping us continue protecting our community. Information we have already received from impacted banks has allowed us to identify new malware and to publish related IoCs which are helping to protect the wider community. An important dependency of this initiative is SWIFT’s timely receipt of information from affected customers. We therefore continue to remind customers that they are obliged to inform SWIFT of such incidents as soon as possible, and to proactively share all relevant information with us so we can assist all SWIFT users.”
CEO Gottfried Leibbrandt announced SWIFT’s Customer Security Programme in Brussels on 24th May 2016. SWIFT’s Board endorsed the programme in June, earmarking a dedicated investment for the programme during 2016. The Board will continue to actively oversee the programme and will assess incremental business and financial needs for the programme during the remainder of 2016 and 2017.
(*) BAE Systems is a UK-based global defence, aerospace and security company employing around 83,400 people worldwide. Its products and services cover air, land and naval forces, as well as advanced electronics, security, information technology, and support services.
(**) Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises worldwide. The company was founded in 1999 and is headquartered in Delft, the Netherlands. It was acquired by NCC Group, a FTSE 250 listed expert in cyber security and risk mitigation, in November 2015. Fox-IT is Europe’s largest specialised cyber security company.
About SWIFT’s Customer Security Programme
SWIFT’s customer security programme, which launched in June 2016, is a dedicated initiative designed to reinforce and evolve the security of global banking, consolidating and building upon existing SWIFT and industry efforts. The programme will clearly define an operational and security baseline that customers must meet to protect the processing and handling of their SWIFT transactions. SWIFT will also continue to enhance its own products and services to provide customers with additional protection and detection mechanisms, and in turn help customers to meet these baselines.
The programme will focus on five mutually reinforcing strategic initiatives:
- Improving information sharing amongst the global community
- Enhancing SWIFT related tools for customers
- Enhance guidelines and provide audit frameworks
- Support increased transaction pattern controls
- Enhance support by third party providers.
SWIFT is a global member-owned cooperative and the world’s leading provider of secure financial messaging services.
We provide our community with a platform for messaging and standards for communicating, and we offer products and services to facilitate access and integration, identification, analysis and financial crime compliance.
Our messaging platform, products and services connect more than 11,000 banking and securities organisations, market infrastructures and corporate customers in more than 200 countries and territories, enabling them to communicate securely and exchange standardised financial messages in a reliable way. As their trusted provider, we facilitate global and local financial flows, support trade and commerce all around the world; we relentlessly pursue operational excellence and continually seek ways to lower costs, reduce risks and eliminate operational inefficiencies.
Headquartered in Belgium, SWIFT’s international governance and oversight reinforces the neutral, global character of its cooperative structure. SWIFT’s global office network ensures an active presence in all the major financial centres.
Brunswick Group LLP
Tel: +44 (0)20 7404 5959
About BAE Systems
At BAE Systems, we provide some of the world’s most advanced, technology-led defence, aerospace and security solutions and employ a skilled workforce of some 83,400 people in over 40 countries. Working with customers and local partners, we develop, engineer, manufacture and support products and systems to deliver military capability, protect national security and people and keep critical information and infrastructure secure.
BAE Systems Applied Intelligence is a business division of BAE Systems that delivers solutions that help clients to protect and enhance their critical assets in the intelligence age. Our intelligent protection solutions combine large-scale data exploitation, ‘intelligence-grade’ security and complex services and solutions integration. We operate in four key domains of expertise: cyber security, financial crime, communications intelligence and digital transformation.
Leading enterprises and government departments use our solutions to protect and enhance their physical infrastructure, mission-critical systems, valuable intellectual property, corporate information, reputation and customer relationships, competitive advantage and financial success.
For further information about BAE Systems Applied Intelligence, please visit www.baesystems.com/businessdefence
Fox-IT prevents, investigates, and limits the most serious threats presented by cyberattacks, data leaks, or fraud by providing innovative solutions for governments, defense, police, vital infrastructure, banks, and large companies around the world. The Fox-IT approach combines intelligent ideas with technology to create innovative solutions that ensure a safe society. Fox-IT develops customized products and solutions that guarantee the safety of sensitive government systems, protect industrial networks, defend online banking systems, and secure highly confidential data.
For further information about Fox-IT, please visit our website at https://www.fox-it.com/en.