Enhancing SWIFT Security Measures for ReBIT: March 2018 Update

Slide Note
Embed
Share

SWIFT's latest security update for the ReBIT program highlights the persistent and sophisticated nature of cyber threats. Recommendations include maintaining vigilance, implementing sound security controls, and leveraging the Customer Security Programme (CSP) pillars for effective cyber threat response. Key milestones for 2018 involve cyber intelligence sharing, control framework evolution, and anti-fraud tool enhancements. SWIFT emphasizes mandatory security controls, advisory measures, and establishing a security baseline to safeguard the SWIFT ecosystem. Stay informed and proactive in the face of evolving threats.

grajales_i
grajales_i Follow

Uploaded on Sep 12, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. SWIFT Security Update ReBIT Saqib Sheikh, saqib.sheikh@swift.com March 2018 TLP rating AMBER Confidential to participants and restricted distribution

  2. Cyber threats continue to be persistent and sophisticated SWIFT Security Update to ReBIT, March 2018 2

  3. SWIFT published a detailed case study in November 2017, customers must remain vigilant and ensure sound mitigating controls are in place SWIFT Security Update to ReBIT, March 2018 3

  4. The Customer Security Programme (CSP) will continue to support our customers in responding to cyber threats, based on these three pillars You Secure and Protect SWIFT Tools Customer Security Controls Framework Your Counterparts Prevent and Detect Transaction Pattern Detection RMA, DVR and Payment Controls Your Community Share and Prepare Intelligence Sharing SWIFT ISAC Portal SWIFT Security Update to ReBIT, March 2018 4

  5. In 2018, key milestones around cyber intelligence sharing, evolution of the control framework and new anti-fraud tools are planned Security Controls v2 published SWIFT ISAC R2 - STIX/TAXII (Feb 18) Quality Assurance Framework All Clients Must Comply with Mandatory Security Controls V1 (31 Dec 18) KYC-SA v3 Consumption Management Q1 18 Q2 18 Q3 18 Q4 18 Change Management Process Payment Controls Pilot (Q1 18) Payment Controls Go-Live (Q3 18) SWIFT Security Update to ReBIT, March 2018 5

  6. In 2017 SWIFT established a new minimum security baseline, applicable to all live BICs Tthe Customer Security Controls Framework comprises a core set of security controls that all SWIFT customers must apply to their SWIFT-related infrastructure. 16 Mandatory security controls Establish a security baseline for the entire community All users must self-attest against their implementation on their local SWIFT-related infrastructure Set a realistic goal for near-term, tangible security gain and risk reduction. 11 Advisory controls Based on good practice that SWIFT recommends customers implement on their local SWIFT-related infrastructure. SWIFT Security Update to ReBIT, March 2018 6

  7. The majority of customers have published their current level of compliance against this baseline, and this valuable data is available to you 89% BICs globally that self- attested by the deadline 89% of customers attested their level of compliance with the mandatory controls by the 31 December 2017 deadline This was an overwhelmingly positive response from the community across every segment, market and infrastructure type. 99% Attested BICs represent 99% of the FIN Traffic All customers now need to self-attest that they fully comply with all mandatory security controls by 31 December 2018. Self-attestations need to be renewed every 12 months. SWIFT Security Update to ReBIT, March 2018 7

  8. As part of your operating guidelines this data can be used to confirm level of security of your participants Users should consume counterparty attestation data and integrate this into their risk management and business decision-making processes. Using the KYC-SA, customers can share their attestation data with their counterparties and request data from others. Customers remain in control of their attestation data they can grant or deny requests of their attestation data. SWIFT Security Update to ReBIT, March 2018 8

  9. The SWIFT security control framework will evolve, giving customers 18 months to budget, plan and comply with new versions of the framework 2017 2018 2019 2020 2021 SWIFT writes V2 controls Customer budgets V2 Customer implements V2 controls V2 Reg Reporting V2 Reg Reporting Version V2 of Security Controls V2 attest window opens V2 attest window closes Customer needs to meet V2 mandatory controls by end 2019 V2 updates / corrections Cust attests CP consumes V2 controls doc published SWIFT Security Update to ReBIT, March 2018 9

  10. Daily validation reports are available to support strong, independent reconciliation With cyber security and fraud prevention as top institutional priorities, Daily Validation Reports have quickly become an important part of our daily reconciliation process and controls. A European Central Bank In the event of an attack the accuracy of data in interface systems may be compromised. Validate Activity - Validate aggregated daily activity and transactions (reference and value) for a Group or a BIC8 across the payment chain - Daily volume and value totals, maximum value of single transactions and comparisons to 24 months historical profile Assess Risks - Assess large or unusual message flows based on different risk factors (largest transactions, largest aggregates, or deviation with average activity). - Identifies new combinations of parties in payment chain - highlights transactions sent outside of business hours Review Behaviours - Ensure alignment to Compliance policy SWIFT Security Update to ReBIT, March 2018 10

  11. Message by message payments screening service will be a powerful new anti-fraud tool SWIFT is developing Payment Controls for subscribing organisations, performing in-flight transaction monitoring to identify payment activity that is out-of-policy or indicative of fraud risks. Message Copy Release / Abort Payments Controls provide an additional safeguard on top of users existing fraud prevention systems. Payments Controls Engine Focus on Smaller Institutions Initially for smaller, sending organisations. Will also help protect larger organisations through reduced risks of received payments. Secure In-Network Using sanctions screening model to alert/release/abort payment messages in real- time. Monitoring policy defined by the subscriber. SWIFT Security Update to ReBIT, March 2018 11

  12. SWIFT provides support in being compliant to the SWIFT CSCF by end 2018 SWIFT Security Update to ReBIT, March 2018 12

  13. Are you prepared to respond to these persistent and sophisticated cyber threats? Have you secured your infrastructure? Have you implemented necessary controls? Do you have the capacity to respond? Have you secured your ongoing operations? SWIFT Security Update to ReBIT, March 2018 13

  14. The following controls support compliance to recent regulations 1 Have you secured your SWIFT infrastructure? Enables compliance to RBI requirements 1b, 1h CBS integration service SWIFT infrastructure security review a) Ensure automated integration with back office systems and minimise manual processing 1c, 1d, 1e, 1f, 1g, 1k, 3b, 4a, 4e, 4f Security integration service b) Comply with security controls 2 Have you implemented necessary controls 1a, 1h, 2b, 4g Daily validation reports, for all banks Real-time flow monitoring, for top tier banks a) Ensure independent reconciliation with golden source data 1a, 2a, 3b, 4b, 4d Payments control service GPI stop & recall of payments b) Implement transaction controls 1g Regular RMA analysis and clean-up RMA+ c) Ensure strong relationship management 3 Do you have capacity to respond? 1i, 1l, 4a, 4f SWIFT administration & operations training Security bootcamp Annual SWIFT certifications a) Ensure your staff are aware and trained to detect and respond to cyber threats 1i, 1l, 4f SWIFT Info Sharing & Analysis Centre SWIFT security guidelines b) Ensure your staff have access to latest cyber intelligence 4 Have you secured your ongoing operations? 4b Alliance Managed Operations System Care Premium Plus a) Implement independent monitoring and operations support SWIFT Security Update to ReBIT, March 2018 14

  15. Review the configuration of your channel against SWIFT best practices SWIFT infrastructure security review Operational excellence review Architecture analysis Have you secured your infrastructure? Comply with security controls Back office data flow security Two factor authentication Other security integration services SWIFT Security Update to ReBIT, March 2018 15

  16. Ensure independent reconciliation with golden-source data Daily validation reports Business intelligence reports Real-time flow monitoring Have you implemented necessary controls? Implement transaction controls Payments control service GPI stop & recall Ensure strong relationship management Regular RMA analysis and clean-up RMA+ for granular control SWIFT Security Update to ReBIT, March 2018 16

  17. Ensure your staff are aware and trained to detect and respond to cyber threats Security bootcamps Tailored training SWIFT Administration and Operation certifications SWIFTSmart Do you have the capacity to respond? Ensure your staff have access to latest cyber intelligence SWIFT Info Sharing & Analysis Centre SWIFT security guidelines SWIFT Security Update to ReBIT, March 2018 17

  18. Implement independent monitoring and operations support Alliance Managed Operations Local support Premium custom support Have you secured your ongoing operations? SWIFT Security Update to ReBIT, March 2018 18

  19. What you can continue to do 1 Engage in SWIFT ISAC and sign up for notifications. 2 Ensure mandatory security updates of SWIFT software are installed. Ensure that you fully comply with all the mandatory security controls and attest by 31 December 2018. 3 Consider your institution s counterparty risk frameworks to consume and utilise counterparty attestation data. 4 Consider SWIFT s anti-fraud tools (Payment Controls, Daily Validation Reports, RMA clean-ups, etc.) 5 SWIFT Security Update to ReBIT, March 2018 19

  20. ? ? Questions SWIFT Security Update to ReBIT, March 2018 20

  21. www.swift.com SWIFT Security Update to ReBIT, March 2018 21

Related


ReBIT Operational Excellence Webinar Series: Anti-Phishing Campaign

ReBIT Operational Excellence Webinar Series: Anti-Phishing Campaign

flanigan_s
Jonathan Swift: A Satirical Genius and Literary Figure

Jonathan Swift: A Satirical Genius and Literary Figure

knap_doc
European Trend for CSMs and Its Impact on SWIFT SENT

European Trend for CSMs and Its Impact on SWIFT SENT

richey
Swift Worker Remittance Solution for Mobile Financial Services

Swift Worker Remittance Solution for Mobile Financial Services

key_cas
Evolution of Secure Interbank Payment Systems

Evolution of Secure Interbank Payment Systems

kmeri
AEP Enterprise Security Program Overview - June 2021 Update

AEP Enterprise Security Program Overview - June 2021 Update

aubriella
Introduction to Swift: Evolution, Overview, and Basic Concepts

Introduction to Swift: Evolution, Overview, and Basic Concepts

edmonson_l
Analysis of Jonathan Swift's

Analysis of Jonathan Swift's "Gulliver's Travels

haigens
Transforming Mobility: A Journey Towards Sustainable Commuting at SWIFT

Transforming Mobility: A Journey Towards Sustainable Commuting at SWIFT

shaqui
Unveiling Satire in Gulliver's Travels

Unveiling Satire in Gulliver's Travels

moes_sai
Understanding the Role of Security Champions in Organizations

Understanding the Role of Security Champions in Organizations

irvin
Understanding the Roles of a Security Partner

Understanding the Roles of a Security Partner

zaara
Essex Police Quarterly Update March 2018: Priorities and Progress

Essex Police Quarterly Update March 2018: Priorities and Progress

enola
Introduction to iOS Swift Programming at TalTech IT College

Introduction to iOS Swift Programming at TalTech IT College

dcon
Enhanced Security Measures for Your Social Security Account

Enhanced Security Measures for Your Social Security Account

maya
TSA Updates on Security Training Rule for OTRB Companies

TSA Updates on Security Training Rule for OTRB Companies

aziza
Understanding Cyber Security and Risks

Understanding Cyber Security and Risks

kathryn
Understanding Computer Security Principles and Practices

Understanding Computer Security Principles and Practices

jos_o
Legal Framework on Information Security in the Ministry of Trade, Tourism, and Telecommunication

Legal Framework on Information Security in the Ministry of Trade, Tourism, and Telecommunication

joso_597
Understanding Security Threats and Countermeasures

Understanding Security Threats and Countermeasures

grob_aid
Enhancing Rail Security in the European Union

Enhancing Rail Security in the European Union

pippa
Safety and Security Measures at Cameroon's Centralized Storage Facility

Safety and Security Measures at Cameroon's Centralized Storage Facility

mhubl
Enhancing Security Definitions for Functional Encryption

Enhancing Security Definitions for Functional Encryption

kalila
Taylor Swift Love Story Lesson Plan

Taylor Swift Love Story Lesson Plan

reign

More Related Content

Cutting-Edge Swift Heavy Ion Materials Research Retreat
Cutting-Edge Swift Heavy Ion Materials Research Retreat
Analyzing Gender-Based Double Standard in Taylor Swift's
Analyzing Gender-Based Double Standard in Taylor Swift's "The Man
K-SWIFT: Fast & Transparent Agricultural Clearance Initiative
K-SWIFT: Fast & Transparent Agricultural Clearance Initiative
Exploring Swift: A Modern & Powerful Programming Language
Exploring Swift: A Modern & Powerful Programming Language
Rouble Settlements via SWIFT: Insights from the 5th International Forum
Rouble Settlements via SWIFT: Insights from the 5th International Forum
Swift County Budget Summary 2021
Swift County Budget Summary 2021
Introduction to Swift Programming Language
Introduction to Swift Programming Language
RMIT and Apple Partnership: Revolutionizing App Development in Australia
RMIT and Apple Partnership: Revolutionizing App Development in Australia
Developing The Munchies iPhone App using Xcode and Swift 4
Developing The Munchies iPhone App using Xcode and Swift 4
ACC/AHA Clinical Performance Measures for Valvular Heart Disease
ACC/AHA Clinical Performance Measures for Valvular Heart Disease
Understanding Measures of Dispersion in Statistics
Understanding Measures of Dispersion in Statistics
CAMPUS SECURITY AUTHORITY (CSA) TRAINING CAMPUS SECURITY AUTHORITY (CSA) TRAINING
CAMPUS SECURITY AUTHORITY (CSA) TRAINING CAMPUS SECURITY AUTHORITY (CSA) TRAINING
Cyber Security Toolkit for Boards: Comprehensive Briefings and Key Questions
Cyber Security Toolkit for Boards: Comprehensive Briefings and Key Questions
Cyber Threat Detection and Network Security Strategies
Cyber Threat Detection and Network Security Strategies
Securing IT Infrastructure at Exeter University
Securing IT Infrastructure at Exeter University
Understanding Information Security Basics
Understanding Information Security Basics
Comprehensive Overview of E-Commerce Application Development and Computer Security
Comprehensive Overview of E-Commerce Application Development and Computer Security
Hardware Security and Trusted Platform Module Overview
Hardware Security and Trusted Platform Module Overview
Enhancing Access Control, Security, and Safety in the Workplace
Enhancing Access Control, Security, and Safety in the Workplace
Enhancing Prison and Jail Security with Hard Technology Innovations
Enhancing Prison and Jail Security with Hard Technology Innovations
Understanding Enterprise Network Security and Firewalls
Understanding Enterprise Network Security and Firewalls
BCA 601(N): Computer Network Security
BCA 601(N): Computer Network Security
International Approaches to Enhance Nuclear Safety and Security
International Approaches to Enhance Nuclear Safety and Security
Evolving Security Practices in DevOps: A Holistic Approach
Evolving Security Practices in DevOps: A Holistic Approach