The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides a network that enables banks to send and receive information about financial transactions in a secure, standardized and reliable environment. SWIFT is commonly used by most banks in India for cross-border inter-bank payments, and SWIFT India now also provides services for the domestic payment system.
A series of cyber-attacks using the SWIFT banking network has been reported in the last 4-5 years. The first public report of these attacks came from Bangladesh Central Bank. We have also seen attacks at State Bank of Mauritius, COSMOS Bank and City Union Bank.
To strengthen security, the Indian regulator RBI has also issued many circulars on the subject, and in March 2019 it imposed penalties on 36 banks for non-compliance in their SWIFT operations.
SWIFT has also introduced the Customer Security Program (CSP), which defines a security baseline for the entire community that every user must implement on its local SWIFT infrastructure.
The controls in the CSP revolve around three objectives:
1. Secure your environment
2. Know and limit access
3. Detect and respond
What banks should do to strengthen SWIFT infrastructure and operations:
1. Isolate the general IT environment from the SWIFT infrastructure.
2. Disable USB, email and Internet access on SWIFT workstations.
3. Restrict the gateway operating hours to business requirements and integrate the gateway with the SIEM, so that activity outside those hours is monitored and any anomaly is reported.
4. Patch the servers and endpoints regularly.
5. Monitor user logon activity through the SIEM and report any detected anomaly.
6. Regularly review the existing RMA (Relationship Management Application) authorisations and remove obsolete ones.
7. RBI has asked all banks to integrate SWIFT with their CBS (core banking system) for both financial and non-financial messages; however, many banks have still not implemented STP (Straight Through Processing) for non-financial messages. Banks should therefore integrate SWIFT with the SIEM so that any message created directly in SWIFT, rather than arriving through STP from the CBS, is reported immediately.
8. Regularly reconcile the NOSTRO accounts.
9. If a bank uses middleware between SWIFT and the CBS, it should perform online reconciliation with a reconciliation tool, matching the messages generated in the middleware against those actually sent through SWIFT.
10. Ensure SoD (Segregation of Duties) in letter and spirit.
11. Monitor the activities of privileged users in the SWIFT system using a PIM/PAM tool.
12. Carry out Vulnerability Assessments (VA) periodically.
13. Implement Multi-factor Authentication (MFA) in both CBS and SWIFT.
14. Send logs from the SWIFT infrastructure to the SIEM, and have the SOC monitor the integrity checks of both the SWIFT software and its database.
15. Create, publish and test the Incident Response Procedure and conduct tabletop exercises frequently.
16. Lastly, security awareness training should be mandatory for all users, as security is a shared responsibility.
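Items 3, 7 and 9 above all boil down to comparing what the SWIFT gateway did against what the bank expected it to do. As an added illustration that is not part of the article and not a SWIFT or RBI artefact, the Python sketch below runs two of those checks over constructed sample data: a SIEM-style pass over gateway message events that flags messages created outside the business window or created directly in SWIFT instead of via STP, and a reconciliation of middleware output against the messages SWIFT actually sent. The pipe-delimited log layout, the field names, the `STP`/`MANUAL` source marker and the 09:00-18:00 business window are all assumptions made for the example.

```python
"""Added illustration (not from the article): SIEM-style checks on SWIFT
gateway message events plus a middleware-vs-SWIFT reconciliation.
Every record below is constructed sample data; the log layout and field
names are assumptions, not a real gateway format."""
from dataclasses import dataclass
from datetime import datetime, time
from decimal import Decimal


@dataclass(frozen=True)
class Msg:
    ref: str           # transaction reference (assumed field)
    created: datetime  # when the message was created on the gateway
    user: str          # operator or service account that created it
    source: str        # "STP" (fed from CBS/middleware) or "MANUAL" (keyed in SWIFT)
    amount: Decimal
    currency: str
    beneficiary: str


# Business window during which the gateway is expected to emit messages (assumed).
BUSINESS_START = time(9, 0)
BUSINESS_END = time(18, 0)


def parse_line(line: str) -> Msg:
    """Parse one constructed pipe-delimited gateway log line."""
    ref, ts, user, source, amount, ccy, bene = line.split("|")
    return Msg(ref, datetime.fromisoformat(ts), user, source, Decimal(amount), ccy, bene)


def detect_anomalies(msgs):
    """Items 3 and 7: return (ref, reason) pairs for messages created
    outside the business window and for messages created directly in
    SWIFT rather than arriving via STP from the CBS."""
    findings = []
    for m in msgs:
        t = m.created.time()
        if not (BUSINESS_START <= t <= BUSINESS_END):
            findings.append((m.ref, "outside business hours"))
        if m.source != "STP":
            findings.append((m.ref, "created directly in SWIFT (non-STP)"))
    return findings


def reconcile(middleware, swift):
    """Item 9: match what the middleware generated against what SWIFT sent.
    Keyed on reference; amount, currency and beneficiary must all agree."""
    mw = {m.ref: m for m in middleware}
    sw = {m.ref: m for m in swift}
    breaks = []
    for ref in sw.keys() - mw.keys():
        breaks.append((ref, "in SWIFT but not in middleware"))
    for ref in mw.keys() - sw.keys():
        breaks.append((ref, "in middleware but never sent via SWIFT"))
    for ref in mw.keys() & sw.keys():
        a, b = mw[ref], sw[ref]
        if (a.amount, a.currency, a.beneficiary) != (b.amount, b.currency, b.beneficiary):
            breaks.append((ref, "field mismatch between middleware and SWIFT"))
    return sorted(breaks)


# Constructed sample data: what the middleware handed over ...
MIDDLEWARE_LOG = [
    "TRN001|2019-03-04T10:15:00|stp_svc|STP|250000.00|USD|BANKXYZ",
    "TRN002|2019-03-04T11:40:00|stp_svc|STP|1200000.00|EUR|BANKABC",
    "TRN003|2019-03-04T14:05:00|stp_svc|STP|75000.00|GBP|BANKLMN",
]
# ... and what the SWIFT gateway actually created and sent (constructed).
SWIFT_LOG = [
    "TRN001|2019-03-04T10:15:02|stp_svc|STP|250000.00|USD|BANKXYZ",
    "TRN002|2019-03-04T11:40:03|stp_svc|STP|1200000.00|EUR|BANKQQQ",      # beneficiary differs
    "TRN004|2019-03-04T23:50:00|ops_user7|MANUAL|9800000.00|USD|BANKZZZ",  # late, keyed directly
]


def run():
    """Parse both constructed logs and return (anomalies, reconciliation breaks)."""
    mw = [parse_line(line) for line in MIDDLEWARE_LOG]
    sw = [parse_line(line) for line in SWIFT_LOG]
    return detect_anomalies(sw), reconcile(mw, sw)


if __name__ == "__main__":
    anomalies, breaks = run()
    for ref, why in anomalies:
        print(f"ALERT {ref}: {why}")
    for ref, why in breaks:
        print(f"BREAK {ref}: {why}")
```

In the sample run, TRN004 trips both detection rules (created at 23:50 by an operator account, not via STP) and also appears as a reconciliation break because the middleware never produced it, while TRN002 is caught only by reconciliation, since a changed beneficiary looks perfectly normal to the gateway itself. That is why the article asks for both the SIEM feed and the middleware reconciliation rather than one or the other.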
The author is ICT Security Risk & Compliance Manager, CNH Industrial