IFC brings together bank CEOs, central bank governors, government officials, and financial leaders from across the world.
Organised by the Bank of Russia, the International Financial Congress is one of the largest and most important events in the Russian banking and securities markets industry. It brings together bank CEOs, central bank governors, government officials, and approximately 1500 financial leaders from across the world.
On 5 July 2019, Matthieu de Heering, Head of Central and Eastern Europe, SWIFT, participated in a panel that discussed the evolution of the cyber-threat and what the banking industry should be doing to stay safe. He was joined on the panel by cybersecurity experts Stanislav Pavlunin, Vice President, Director of Security, Post Bank; Boris Simis, Deputy CEO, Positive Technologies; and Artem Sychev, First Deputy Director, Information Security Department, Bank of Russia. Ilya Sachkov, CEO and founder of Group-IB, moderated the panel.
Evolving cyber-threat makes cooperation even more critical
The panel found that cyber threats have evolved for Russian banks in both the domestic and the cross-border space and the criminals are continuing to adapt their tactics to evade detection. “Whether using malware, phishing attacks or malicious insiders, the bad guys are showing an increased ability to hide fraudulent transactions among legitimate ones” warned de Heering. He referred to a paper that SWIFT issued in April 2019, that detailed some of the changes in the behaviour of cyber-criminals, such changing the currencies and payment corridors used, and the decreasing the amount of individual fraudulent transactions.
de Heering went on to highlight information sharing – with regulators and authorities, and the broader financial community – as a critical part of an organisation’s response plan . “Having a well-documented and well-practised plan in place is essential – it’s no time to improvise when a cyber-attack is underway”, he commented. He gave the example of SWIFT’s Information Sharing and Analysis Centre (SWIFT ISAC) that facilitates the community’s access to actionable cyber-security threat intelligence, enabling the community to better defend itself against potential future cyber-attacks. The portal holds a wealth pf anonymised information, indicators of compromise (IOCs), malware samples, and descriptions of the attackers’ modus operandi.
This information has already made a tangible difference in the fight against cyberattacks, and de Heering encouraged banks, as well as other third parties for whom this was relevant, to sign up to the SWIFT ISAC to benefit from the intelligence.
What should banks do, and how can SWIFT help?
Turning to the Customer Security Programme (CSP) implemented by SWIFT in 2017, de Heering reported that all SWIFT users have to comply with a set of 29 mandatory and advisory controls by the end of 2019; and that by the end of 2020, a further two controls will be included. Both Simis and Sachkov pointed out that more and more banks were asking them to review their implementation of the CSP, while Pavlunin confirmed that the self-attestation was an important annual cyber-security milestone at his bank. Sychev went on to describe the close cooperation between SWIFT and the Bank of Russia in following up in the few cases of banks that had not met their CSP self-attestation requirements. de Heering added that SWIFT also values the support of Rosswift, the association of Russian SWIFT users, in underlining the importance of the CSP in the Russian banking community. The roadshows, work sessions and webinars that provide an update on the cyber threat landscape, SWIFT's Customer Security Programme and how to comply with SWIFT’s Customer Security Control Framework will continue through 2019 and beyond.
de Heering concluded by introducing SWIFT’s new Payment Controls Service, which provides real-time, 'in-flight' monitoring of the payments SWIFT users send. Hosted by SWIFT and with zero footprint, this last-resort transaction filter is independent from a user’s internal back-office systems or on-premise anti-fraud systems, which may have been compromised during a cyber-incident.
For more information on how SWIFT can help in the fight against cybercrime, consult our Customer Security Programme pages on swift.com.