A new wave of cyber-attack has swept through the digital hemisphere using the SWIFT’s communication system. These attacks are being highly sophisticated, they use specialized analytics technique and have even gone to exploit the minute vulnerabilities which hitherto have gone unnoticed. It’s advised to have continued vigilance and concerted proactive action against any potential threats. The systems of financial institutions are the prime targets for cybercriminals and given the volume of security incidents happening across the globe in the last 5 years, the menace is continuously growing.
SWIFT, the globally utilized communication network, even after being strong and secure with built-in safeguards, was also breached. The heist at the Central Bank of Bangladesh in 2016 showed the world that no system or network is impenetrable for the new breed of cybercriminals.
How does SWIFT work?
SWIFT stand for “Society for Worldwide Interbank Financial Telecommunications”, a Belgium based financial transactions enabling authority, through which banks and financial institutions across the world can transfer funds to each other by means of a standardized messaging service. It is said that over 29 million messages are exchanged over the SWIFT network each day. The dependency on this messaging system is such that messages formatted to SWIFT can be read by any financial processing software, even if it wasn’t delivered via the SWIFT network. SWIFT assigns each of its members a Unique Identification code which is called a SWIFT code. SWIFT issues a unique code for each transaction taking place over a secured network, which is an advantage and in addition the transaction data is backed up in servers which are placed at various locations.
RBI recognized the threat of a potential cyber-attack, in this digitally interconnected era and consequently came up with guidelines on “Cyber Security Framework”. This move admonishes banks to set up a board approved and thoroughly documented Cyber Security Policy, with a clear strategy and approach to prevent and mitigate cyber threats based on its complexity. The Cybersecurity policy should be strictly different from the broader IT policy.
A central security center has to be set up which shall be responsible for continuous surveillance and testing for vulnerabilities at regular intervals.
Some highlights of RBI’s cybersecurity framework are –
- Database and Network security should be addressed comprehensively by the banks and financial institutions.
- Confidentiality, Integrity, and Availability of information or data should be insured by the banks and financial institutions.
- A board-approved Cyber Crisis Management plan should be devised which would address issues engaging with detection, response, recovery, and containment during a security event.
- The adequacy and adherence of cyber resilience framework and measure through the development of indicator to assess the level of risk/preparedness should be assessed by the banks and financial institutions.
- All cybersecurity incidents must be reported to RBI within 2 to 6 hours.
The RBI guidelines will help banks to form and adopt a strong cybersecurity policy, along with a Crisis Management Plan.
Cyber-attacks are growing and getting even more sophisticated, while the hackers are focusing on critical financial institutions. Given the threats that are lurking in the cyber hemisphere, SWIFT and its customers must remain vigilant and proactive. SWIFT should ensure they extend support to their customers to fight against cyber fraud.
In such a scenario, our in-house experts’ advice, the implementation of a tool that would assess the network of a given financial institution, complying with the guidelines forged by the RBI and proactively assesses, penetrates and secures your networks.
To read more, please check eScan Blog
