In the last few years, SWIFT has become a favorite target for hackers across the globe. The frequency of SWIFT-targeted cyberattacks is a good indicator of the same. In most of these SWIFT-targeted attacks, the network perimeter was compromised before the core SWIFT platform was touched. It is first important to ensure that we have a foolproof network perimeter built around SWIFT infrastructure with appropriate security solutions in a defense-in-depth manner.
Data confidentiality in SWIFT can be achieved through the encryption of all payment-related data and having all links controlled by SWIFT using strong encryption algorithms. Access to SWIFT payment data should be protected by means of one-time passwords (OTP). Controls such as unique sequencing of all messages, dual storage, real-time acknowledgement to the user, and message authentication procedure between the sender and receiver also help ensure SWIFT data integrity by protecting from fraudulent modification of SWIFT data, which was the technique used by hackers in many recent SWIFT-targeted attacks. Availability of SWIFT infrastructure can be achieved using several measures, many of which are built into organizations in the form of continuity planning, duplication, and, in some cases, triplication of equipment, extensive recovery schemes and automatic rerouting of payments in the event of failure of some network nodes.
In addition to the confidentiality, integrity and availability-related controls mentioned previously, having controls, such as well-defined segregation of duties, logical access controls, control of paper output and timely validation of error reports, helps protect the SWIFT infrastructure across the Cyber Kill Chain.
An assurance that an optimum level of SWIFT security has been achieved needs to be provided by execution of well-defined internal and external audit programs on a periodic basis.
Read Vimal Mani’s recent Journal article:
“Securing the SWIFT Infrastructure Across the Cyber Kill Chain,” ISACA Journal, volume 4, 2018.