Swift-Era Attacks Require Protection 'Inside' the Perimeter

In an age in which organizations such as Swift are subject to attack, traditional perimeter security defenses are no longer enough to stop attackers from getting into the system and stealing valuable information.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) has become a popular target for these digital attacks, due to the sensitive financial transaction information it transfers worldwide.

In addition, these threats are not easily identified by security intrusion detection systems, making it difficult for organizations to quickly remediate an attack. For example, in February, an attacker gained access to Bangladesh Bank's Swift payment system, making off with $81 million in proceeds. According to Swift, these attacks are "persistent, adaptive, and sophisticated" and "here to stay."

In the case of the Bangladesh Bank breach, attackers only had to find one weak point to gain access. Once they did, installing the malware they'd created to study and alter financial messages exchanged via Swift appears to have been simple.

As an industry, there needs to be a stronger focus on protecting the data itself—not just the network perimeter—because that’s what the bad guys are after. Financial institutions need several lines of defense to secure their environments, particularly as attackers evolve their tactics and identify new ways to pull off these heists.

Swift is already taking action to defend against future threats to its network. In addition to issuing patches and requiring customers to update their software, CEO Gottfried Leibbrandt recently outlined a five-part process for improving cybersecurity at global financial institutions, including hardening existing infrastructures and introducing certification processes for third-party participants in the Swift network. While this is good progress, the work can't stop there.

Financial organizations should take additional steps to secure their payment infrastructures, including:

Adopting a minimally invasive security platform. Malware is most harmful in connected systems. Organizations must protect their network with tools designed to detect, deny, or immediately quarantine malicious code. Also, businesses should not deploy apps into their network unhindered. Instead, limit the reach of new software to self-contained hardware or software systems.

Training and deploying "hunt teams." Bad actors are notoriously difficult to catch. Using large-scale analytics and bid data systems to scour logs of network activity can help to find and isolate anomalous behavior. These "hunt teams" are like homicide detectives who search for clues in the aftermath of a breach. Each finding and closing loopholes to keep perpetrators on the run.

Sharing intel and analysis. Cybercriminals generally post exploits in the far corners of the Dark Web to encourage more attacks. Financial institutions can inoculate against this kind of behavior by sharing their experiences battling attackers—especially the moments where breach points became unexpectedly exposed.

As criminals continue to evolve and profit from new avenues of attacks that are faster and less costly, organizations must also take steps to better mitigate their risks. Organizations should adopt a security platform that rejects malware the minute it's found, develop hunt teams to stalk and eradicate bad code where it lives, and share their findings. By implementing these security measures, financial institutions will be better able to protect their sensitive information and stop adversaries in their tracks.

Mary Karnes Writz is head of applied innovation for HPE Security Products, Hewlett Packard Enterprise.