Arctic Wolf Networks

How SMB Banks Can Defend against SWIFT Breaches

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system has frequently made headlines in the past year, and usually not for good reasons:

  • In 2016, more than $80 million was stolen from Bangladesh Bank via rogue SWIFT transfers. While SWIFT’s actual infrastructure was not breached in this case, local bank offices in Bangladesh were blindsided by Excel attachments containing malware that infected their Windows-based IT systems.
  • Similar incidents were revealed later in 2016 and 2017. For example, a copycat attack affected Union Bank of India beginning in July 2016. However, bank employees were able to spot the attempted fraud before the bank’s SWIFT codes were stolen by malware.
  • In 2017, leaks from the hacker group Shadow Brokers alleged that the U.S. National Security Agency had been trying to infiltrate EastNets, a SWIFT bureau for financial institutions in the Middle East. EastNets denied it had been broken into, although the Shadow Brokers’ lists included purported infected systems throughout the region.

SWIFT has mandated compliance with specific security controls, the Customer Security Controls Framework, by Jan. 1, 2018, as part of its Customer Security Programme (CSP). These mechanisms were designed to combat the rise in fraud on local systems in particular.

Local security: Why SMB banks are most vulnerable to SWIFT breaches

In each of the incidents mentioned above, the weak link in the security chain was the operating system running on a local machine in a perimeter office – in other words, not the actual centralized services of SWIFT. Since SWIFT does not have direct regulatory power over its members, it is up to each bank to oversee how its IT infrastructure is secured.


For SMB banks, this is an especially challenging process, since many of them are strapped for both personnel and budgetary resources. Branch offices are notorious for not having sufficient technical staff on hand, while surveys such as the 2017 State of IT report from Spiceworks have revealed that the typical IT budget has barely budged in recent years.

Finding a solution: Managed detection and response

Accordingly, many banks are in the situation of needing to upgrade their mission-critical systems to keep up with ever-evolving threats, but not always having the wherewithal to do so. They require cybersecurity solutions that can lessen this technical burden and accelerate the evolution of their security posture.

A security operations center (SOC) is ideal in this situation. Managed SOC can facilitate vulnerability assessments, 24/7 monitoring and prompt alerting. In tandem with the new CSP guidance, such a managed security services platform can empower smaller banks to shield their systems and transactions from prying eyes and preserve the overall integrity of SWIFT.