Cybersecurity: challenges and trends in the cyber world XXI ACSDA’s General Assembly
Miguel Suarez, Head of Business Development, Latin America & Caribbean, SWIFT
Cyber threats facing your business
In the near term, we believe the cyber threat is highest in the securities markets, particularly to its Participants. This is due to the large numbers of Participants and infrastructures in that market, the complexities of their interactions, and inherent characteristics such as long chains of custody, unstructured communications and trusted practices – all of which combine to provide opportunities for APT groups to exploit. The threat to Participants in the banking and payments market remains near term as it provides more direct cash-out opportunities, but cyber risks are better understood in this area and SWIFT’s CSP has also helped improve their defences. Trade finance participants, meanwhile, are subject to a near-term cyber threat but less so than other near-term targets due to the potentially lower returns for the attacker. FX Participants and trade finance Market Infrastructures are subject to a medium-term threat as the cash-out from attacking these targets is less direct than for the near-term targets. Attacks would also be more difficult due to having to manipulate more complex, individual transactions. FX and banking and payments Market Infrastructures are subject to a longer-term threat due to a variety of factors. Not only are these known, systemically important infrastructures that are subject to oversight, they also have a higher awareness and state of readiness in response to the threat from APT groups. Source: The Evolving Advanced Cyber Threat to Financial Markets – BAE Systems & SWIFT
The Big Picture - World Economic Forum ranks ‘cyberattacks’ as a top global risk
Threat landscape (WEF ranking):
1. National governance failure
2. Unemployment
3. Social instability
Cyberattacks
With APTs, virtually anybody could be a target, and with ubiquitous IoT, ‘smart’ devices could be used as a DDoS weapon …
Source: WEF survey spanning 684 respondents which assessed [likelihood] and [impact] of each risk on a scale of 1 to 5 [very unlikely / minimal impact] to [very likely / catastrophic]
Cyber Threat Landscape
The cyber threat landscape is always shifting and the attack surface is always changing.
Drivers: Ab(use) of New Technology; Evolving Attack Vectors; The Weakest Link; New Regulation; Geo-Political Tensions
Evolving attack vectors: Rise in intense DDoS Attacks; Rise in Ransomware; Evolving Zero-Day APTs; Advanced ‘Undetectable’ Malware; Larger Data Breaches; (Possible) Targeting of Critical Infrastructure
Threat actors are sophisticated and patient - can invest months on a targeted APT attack
Chart: attack types by time scale (Minutes, Hours, Days, Weeks, Months, Years, Unknown). Source: Verizon 2009 Data Breach Investigations Report
Impact of Market Initiatives
Almost like a perfect storm, we also see market initiatives that will change the attack surface … an endless battle between ‘convenience’ vs ‘security’.
SWIFT gpi: Ability to track the payment from originator to beneficiary through the correspondent banking chain. Uses a unique end-to-end transaction reference (UETR). ‘Stop & Recall’ can stop a payment in case of fraud.
Real Time Payments: Real-time retail payment systems (RT-RPS) allow instantaneous transfer of funds. SWIFT launches SWIFTNet Instant messaging by end 2018. RT-RPS makes it more difficult for LEAs to trace and recall fraudulent payments, which increases the attack surface.
APIs with Open Banking: With PSD2 (Jan 18) EU banks are obligated to allow third-party providers (TPPs) access to data and payment services through APIs. TPPs include account aggregators, challenger banks and Fintech startups. This increases the possible attack surface open to cyber criminals; potential fraudulent transactions could be transported via SWIFT.
Shortened Settlement Cycles: Driven by capital optimisation, numerous securities markets have reduced their settlement cycle times, typically from T+3 to T+2. Reduction of settlement time makes it more difficult for law enforcement to trace and recall fraudulent transactions, which increases the possible attack surface open to criminals.
CSP | An Overview
Customer Security Programme (CSP): Launched in May 2016, the CSP supports all customer segments in reinforcing the security of their local SWIFT-related infrastructure.
You (Secure and Protect): SWIFT Tools; Security Controls Framework
Your Community (Share and Prepare): Intelligence Sharing; SWIFT ISAC Portal
Your Counterparts (Prevent and Detect): Transaction Pattern Detection – RMA, DVR and ‘In Flight’ Sender Payment Controls
CSP | A case study
CSP | Secure and Protect – Customer Security Controls Framework v2019
CSP Security Controls Framework: 3 Objectives, 8 Principles, 29 Controls (previously 27)
Secure Your Environment
1. Restrict Internet access
2. Segregate critical systems from general IT environment
3. Reduce attack surface and vulnerabilities
4. Physically secure the environment
Know and Limit Access
5. Prevent compromise of credentials
6. Manage identities and segregate privileges
Detect and Respond
7. Detect anomalous activity to system or transaction records
8. Plan for incident response and information sharing
19 controls are now mandatory (3 advisory controls promoted to mandatory): 2.6 A Secure Operator Sessions; 2.7 A Yearly Vulnerability Scanning; 5.4 A Physical and Logical Password Storage
10 controls are now advisory (2 additions): 1.3 A Virtualisation Platform Protection; 2.10 A Application Hardening
Customer Security Programme - February 2019
CSP | Counterparty Consultation of Attestation - Assessing Counterparty Risk
1. Establish a governance model for cybersecurity risk management
2. Establish a cybersecurity risk management framework
3. Adopt cybersecurity risk mitigating countermeasures
4. Incorporate cybersecurity attestation data from SWIFT counterparties
The guideline is primarily intended for use by small and medium sized organisations with relatively few counterparties, and by correspondent banks that act as intermediaries between originating payers and end beneficiaries.
Daily Validation Reports
Module 1 (Reporting): Daily Validation Reports; Activity and Risk reporting; Inbound and Outbound; Group and/or Entity reporting
Module 2 (Alerting): Real-time alerting/blocking; Outbound; Subscriber-controlled rules
Module 2 Rule types
Rule types include:
Threshold: Protect against individual payments and aggregated payment behaviour that indicate potential fraud risk or fall outside of business policy
Profiling/Learning: Identify and protect against payment behaviour that is uncharacteristic, based on past learned behaviour
Business Calendars: Identify payments sent by the subscribing institution on non-business days or outside of normal business hours
Suspicious Accounts: Verify end customer account numbers against the customer bank’s ‘black list’ of account numbers believed to be high risk
New Institutions: Identify payments from the customer bank involving new institutions, or payment chains that have not been seen previously in historical message flows
Badly Formed Messages: Identify and stop messages from the customer bank to the same recipient that have been preceded by repetitive NACKs based on improper formatting
SWIFT Payment Controls
CSP Detection Tools | Payment Control Service (PCS) - Features and Rules
PCS performs ‘in-flight’ transaction monitoring on ‘sent’ payment instructions and identifies activity that is out-of-policy or indicative of fraud.
PCS works in one of two real-time operating modes using policy rules defined by the subscriber: (a) Message Copy and Alert, where the message continues from Sender to Receiver and an alert is raised; (b) Message Hold and Alert, where the message is held pending a decision and is then either released to the Receiver or aborted.
Provides a zero-footprint payment safety-net against payment risks.
SWIFT launched PCS in Oct 18 supporting MT103, MT202 and MT202 COV messages.
PCS Policy Rules:
Business Calendars: non-business days and normal business hours
Currency whitelist / blacklists, single and aggregate payment limits
Country whitelist / blacklists, single and aggregate payment limits
Thresholds for country, currency, single entity or group combinations
New Institutions: Identify payments with new participants or chains, based upon historical message flows
Profiling / Learning: Identify and protect against payment behaviour that is uncharacteristic, based upon past learned behaviour
Badly Formed Messages: Identify and stop messages where preceded by repetitive NAKs to the same recipient
Suspicious Accounts: Verify end customer account numbers against an institution black list of account numbers believed to be high risk
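To make the rule categories from the Module 2 and PCS slides concrete, here is an added illustration in Python (not SWIFT's PCS code): a small policy engine that screens constructed payment instructions for business calendar, currency and country blacklists, single and aggregate limits, new institutions and suspicious accounts, and applies either the hold-and-alert or copy-and-alert mode. The policy values, BICs, account numbers and record layout are assumptions made for the example; taking the country code from BIC characters 5-6 follows the standard BIC layout.

```python
from collections import defaultdict
from datetime import datetime
# Constructed policy modelled on the PCS rule categories on the slide (hypothetical values).
POLICY = {
    "business_hours": (8, 18),              # expected sending window, local hours
    "currency_blacklist": {"XXX"},
    "country_blacklist": {"ZZ"},            # country code = BIC characters 5-6
    "single_limit": {"USD": 1_000_000},     # per-payment cap by currency
    "aggregate_limit": {"USD": 2_500_000},  # running total cap by currency
    "suspicious_accounts": {"GB00HYPO00000000000001"},
}
HISTORY = {("BANKUS33", "BANKGB2L"), ("BANKUS33", "BANKDE55")}  # constructed past flows

def evaluate(p, policy, history, aggregates):
    """Return the names of the policy rules one instruction triggers; aggregates holds the
    per-currency running total of everything screened so far (updated here)."""
    sent = datetime.fromisoformat(p["sent_at"])
    lo, hi = policy["business_hours"]
    ccy, amt = p["currency"], p["amount"]
    aggregates[ccy] += amt
    inf = float("inf")
    checks = [
        ("business_calendar", sent.weekday() >= 5 or not lo <= sent.hour < hi),
        ("currency_blacklist", ccy in policy["currency_blacklist"]),
        ("country_blacklist", p["receiver"][4:6] in policy["country_blacklist"]),
        ("single_limit", amt > policy["single_limit"].get(ccy, inf)),
        ("aggregate_limit", aggregates[ccy] > policy["aggregate_limit"].get(ccy, inf)),
        ("new_institution", (p["sender"], p["receiver"]) not in history),
        ("suspicious_account", p["beneficiary_account"] in policy["suspicious_accounts"]),
    ]
    return [name for name, hit in checks if hit]

def screen(payments, policy=POLICY, history=HISTORY, mode="hold"):
    """Screen instructions in order. 'hold' parks any alerted message for operator review
    (Message Hold & Alert); 'copy' releases everything and only raises the alert."""
    aggregates, results = defaultdict(float), []
    for p in payments:
        alerts = evaluate(p, policy, history, aggregates)
        results.append((p["ref"], "hold" if alerts and mode == "hold" else "release", alerts))
    return results

# Constructed samples: a normal payment, one hitting several rules, one breaching only the aggregate.
SAMPLE = [
    {"ref": "P1", "sender": "BANKUS33", "receiver": "BANKGB2L", "currency": "USD", "amount": 500_000,
     "sent_at": "2019-02-12T10:30:00", "beneficiary_account": "GB00OK"},
    {"ref": "P2", "sender": "BANKUS33", "receiver": "BANKZZ99", "currency": "USD", "amount": 1_500_000,
     "sent_at": "2019-02-16T02:15:00", "beneficiary_account": "GB00HYPO00000000000001"},
    {"ref": "P3", "sender": "BANKUS33", "receiver": "BANKDE55", "currency": "USD", "amount": 600_000,
     "sent_at": "2019-02-12T11:00:00", "beneficiary_account": "DE00OK"},
]
if __name__ == "__main__":
    print(screen(SAMPLE))
```

Note that P3 is held only because of the running total: the aggregate rule is what catches a series of individually compliant payments, which is why it must keep state across the screened messages.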
Your Community | Share and Prepare
SWIFT has deepened its cyber security forensics capabilities, providing unique intelligence on customer security-related events. This information is disseminated to the community in an anonymised manner.
Your Community (Share and Prepare): Intelligence Sharing; SWIFT ISAC Portal
Note for the instructor [Your community]: To use our position as a global cooperative to drive information and intelligence sharing to prevent future attacks.
The financial industry is global, and so are the cyber challenges it faces. What happens to one company in one location can be replicated by attackers elsewhere, so a global community effort will strengthen cyber defences.
(Since March 2016) a dedicated Customer Security Intelligence team has been introduced to help limit community impact by sharing anonymous information in a confidential manner on Indicators of Compromise (IOCs) and by detailing the modus operandi used in known attacks.
(Since August 2016) we expanded notification capabilities to ensure that all customers can subscribe to SWIFT’s latest operational security information.
Prior to and throughout the programme SWIFT has regularly been informing its customers of relevant cyber intelligence, new market practices and recommendations. Specifically, SWIFT has been building a Chief Information Security Officer (CISO) network and engaging in bilateral CISO-level meetings within the community to increase collaboration and information sharing.
We have now released the SWIFT Information Sharing and Analysis Centre in mySWIFT, which will provide this same information in a dynamic format including the list of Bulletins, External References, the relevant details and the ability to download the information.
CSP | From Customer Incident Handling to Information Sharing
1. User identifies suspicious activity
2. User informs SWIFT, or SWIFT receives an auto-alert
3. SWIFT undertakes forensic analysis, with User
4. User fixes its environment
5. SWIFT publishes anonymised threat intelligence to the community: SWIFT Community; ISACs / CERTs; LEAs / Regulators
CSP | SWIFT ISAC Portal
Share and Prepare (Your community)
A 2nd release of the SWIFT ISAC global information sharing portal was issued in February. This will enable the automated exchange of cyber-threat information using industry standard formats (STIX/TAXII) and allow access for non-SWIFT customers.
The SWIFT ISAC continues to share threat intelligence with the community, including indicators of compromise such as file hashes and details about malware samples observed. When possible, the Modus Operandi used by attackers is described and machine-digestible files are provided (YARA rules, OpenIOC, etc.).
On 15 May we released the SWIFT Information Sharing and Analysis Centre portal in mySWIFT, which will provide this same information in a dynamic format including the list of Bulletins, External References, the relevant details and the ability to download the information. Customers can now access the Portal on SWIFT.com. Further information is currently on the SDC homepage news.
Questions?