alphaspirit - Fotolia

SWIFT banking security adds a dedicated cyberintelligence team

SWIFT attempts to improve banking security include partnerships with two cybersecurity firms, and the creation of a new Customer Security Intelligence team.

SWIFT has partnered with expert cybersecurity firms and will create a new intelligence team in order to bolster capabilities to investigate breaches and fraud on the SWIFT banking transaction network.

SWIFT banking security came up short after multiple attacks this year resulted in the theft of tens of millions of dollars from various banks around the world. SWIFT initially responded with a general plan to improve security and has now taken the first concrete steps towards improving banking security on its network by partnering with expert cyber security firms BAE Systems and Fox-IT and creating its own dedicated Customer Security Intelligence team.

SWIFT said in a press release that cyber security firms BAE Systems and Fox-IT will work closely with SWIFT's in-house cybersecurity team and the newly created intelligence team in order to better investigate security incidents within customer environments.

According to Avivah Litan, vice president and distinguished analyst at Gartner, the partnerships with BAE Systems and Fox-IT could help SWIFT "get on top of the problem and find out how pervasive the threats are against SWIFT payments. Those firms are experienced and will help SWIFT understand the magnitude and depth of the problems."

SWIFT admitted in the statement "the information sharing initiative is a key part of SWIFT's recently launched Customer Security Programme" and the investigation efforts will rely on banks sharing security incident information.

"Under this initiative, SWIFT is assisting its community by undertaking forensic investigations on customer premises related to SWIFT products and services," SWIFT wrote. "These will complement the internal investigations being carried out by affected customers. SWIFT is also feeding related intelligence -- in anonymized form -- back to the wider SWIFT community in order to help prevent future frauds in customer environments."

Litan said the information sharing of banking security incidents may prove more difficult than SWIFT expects.

"I think many of the banks that have been attacked probably aren't aware of infiltrators or malware in their system, and only notice the problems when it is too late," Litan said. "Also, they are more likely to report the thefts to the correspondent or recipient banks than to SWIFT, since the recipient banks may be able to recoup their stolen funds, if it's not too late."

When SWIFT first announced its Customer Security Programme, experts criticized the plan as being a slow response to banking security concerns and lacking in specifics. Litan told SearchSecurity she thinks SWIFT has been too defensive throughout this process.

"They imply that it's not their issue which is true technically, i.e. it's the member banks [that] are being infiltrated and SWIFT is just a messaging network. But they should take more ownership of the problem, just like Visa and MasterCard do when it comes to retailers being attacked. VISA and MasterCard are just messaging networks as well, much like SWIFT is," Litan wrote in an email. "Of course VISA and MasterCard have to take ownership in order to preserve trust in their system and accompanying revenues that accrue to the network participants, e.g. the member banks. The same is now true for SWIFT and it looks like they may slowly be starting to take ownership of the problem. The bottom line is that if they don't help fix the problems, they could start losing business and revenues because their system is becoming untrustworthy."

Next Steps

Learn more about the identity management system SWIFT proposed to banks.

Find out about the team Google formed to investigate security threats.

Get info on why internal threats are among the biggest cybersecurity challenges.

Dig Deeper on IPv6 security and network protocols security