SWIFT’s challenge with Cyber Security

SWIFT, the application backbone of global financial transactions at many financials and corporates, is increasingly being targeted by cyber criminals, as the recent SWIFT cyber hacking sprees have made abundantly clear. The last two years witnessed several cyber-attacks targeting the financial sector, and the SWIFT messaging system was a prime target for multiple attacks, which resulted in an $81 million heist at the Bangladesh Central Bank, $4 million at Akbank in Turkey, $9 million at Banco del Austro in Ecuador and an attempted $1.1 million at TP Bank of Vietnam.

In response, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) has announced a Customer Security Program (CSP). This program aims to improve information sharing throughout the community, enhance SWIFT-related tools for customers and provide audit frameworks.

SWIFT Assurance Framework
As part of the CSP, SWIFT introduced a mandatory assurance framework for all its 11,000 customers. The framework comprises 3 main objectives spread among 8 principles, and is achieved through the appropriate implementation of the 16 mandatory and 11 advisory security controls.

SWIFT believes that applying this framework will raise the security maturity bar for its customers and support them in their efforts to prevent and detect fraudulent use of their infrastructure. Implementation of the framework standards will also increase security awareness and education in the ongoing fight against cyber-related wire fraud. The SWIFT assurance framework has not been finalized yet. SWIFT expects to publish the final version by the end of Q1 2017.

Are you ready?
Starting Q2 2017, SWIFT expects all its members, including those who connect through service bureaus, to provide a detailed self-attestation against the published mandatory controls. SWIFT further states that, in 2018, a sample of clients will be selected for inspection of their compliance with the mandatory controls. Selected SWIFT members will be required to provide additional assurance from either their internal or their external auditors.

How can KPMG help you?
After the introduction of the SWIFT Customer Security Program, KPMG has identified SWIFT security as a strategic growth topic for KPMG globally. For this purpose, KPMG has developed a SWIFT security risk assessment framework. The KPMG SWIFT security risk assessment framework focuses on SWIFT-specific security controls and the underlying infrastructure, in accordance with international standards and frameworks such as the SWIFT assurance framework, COBIT, NIST, SANS, and PCI-DSS. In addition to the standard IT assurance and cyber security controls, the KPMG SWIFT security risk assessment framework covers:

  • SWIFT component-specific controls and security assessments. The flexibility of the framework enables KPMG to add specific controls to the SWIFT components under review.
  • Scenario-driven risk assessment that increases the organization’s security maturity by identifying areas of risk that may require future actions.
  • Entity-wide processes related to SWIFT and its operations, covering, but not limited to, governance, change management, logging and monitoring, and incident management.
  • Domain-specific, i.e. servers, end-user workstations, SWIFT application and interfaces.

KPMG will update the framework with the final security framework of SWIFT as soon as it is formalized in April 2017.

Should you have any questions or inquiries, KPMG would welcome the opportunity to further explain how it can assist you through its service suite.

Do you want more information? Please contact Jaap van Beek, Fadi EL Asmar or Ton Diemont.
