A community-based approach that includes the smallest institutions as well as the largest is the best way to address the financial services industry’s cyber security issues, says SWIFT’s Pat Antonacci.
Published in Cyber Security: A Peer-Reviewed Journal, which features content written by and for cyber security professionals, Antonacci’s articlediscusses the implementation of SWIFT’s Customer Security Programme (CSP) in a world of more sophisticated and increasing numbers of cyber attacks.
Antonacci notes that with attackers not only targeting the correspondent banking industry, but being prepared to invest time in those attacks, the response needed to be comprehensive. The CSP therefore set out to assist customers in securing their local environments, detecting threats in their commercial relationships, and in sharing threat information.
The programme was therefore structured to reduce cybersecurity risk across three customer-focused areas: mandatory and advisory security controls, fraud detection tools for customers to use in conjunction with their counterparties, and new intelligence sharing capabilities.
The [CSP] programme is transformational because it is the first time that the cyber security problem has been addressed systematically and globally through a community-wide approach that is agnostic to customers’ size, location or revenue potential.
The implementation of the programme has resulted in the thwarting of attacks through increased awareness on the part of institutions, and to the tools developed under the CSP.
Antonacci draws out a key element of the programme; its Customer Security Controls Framework (CSCF). While in essence a global security baseline for the industry, it has the crucial additional element of requiring all SWIFT users to attest their level of compliance.
[Cyber Security] is core to the service we offer – a secure and reliable communications channel to facilitate financial message exchange between our 11,000+ customers across more than 200 countries and territories, in every corner of the world
By 31 December 2018, all SWIFT community members must comply with the CSCF’s mandatory controls, and can do so via the KYC Security Application (KYC-SA) portal, here.