In an age in which organizations such as Swift are subject to attack, traditional perimeter security defenses are no longer enough to stop attackers from getting into the system and stealing valuable information.
The
In addition, these threats are not easily identified by security intrusion detection systems, making it difficult for organizations to quickly remediate an attack. For example, in
In the case of the Bangladesh Bank breach, attackers only had to find one weak point to gain access. Once they did, installing the malware they'd created to study and alter financial messages exchanged via Swift appears to have been simple.
As an industry, there needs to be a stronger focus on protecting the data itself—not just the network perimeter—because that’s what the bad guys are after. Financial institutions need several lines of defense to secure their environments, particularly as attackers evolve their tactics and identify new ways to pull off these heists.
Swift is already taking action to defend against future threats to its network. In addition to issuing patches and requiring customers to update their software, CEO Gottfried Leibbrandt recently outlined
Financial organizations should take additional steps to secure their payment infrastructures, including:
Adopting a minimally invasive security platform. Malware is most harmful in connected systems. Organizations must protect their network with tools designed to detect, deny, or immediately quarantine malicious code. Also, businesses should not deploy apps into their network unhindered. Instead, limit the reach of new software to self-contained hardware or software systems.
Training and deploying "hunt teams." Bad actors are notoriously difficult to catch. Using large-scale analytics and big data systems to scour logs of network activity can help to find and isolate anomalous behavior. These "hunt teams" are like homicide detectives who search for clues in the aftermath of a breach, finding and closing loopholes to keep perpetrators on the run.
Sharing intel and analysis. Cybercriminals generally post exploits in the far corners of the Dark Web to encourage more attacks. Financial institutions can inoculate against this kind of behavior by sharing their experiences battling attackers—especially the moments where breach points became unexpectedly exposed.
As criminals continue to evolve and profit from new avenues of attack that are faster and less costly, organizations must also take steps to better mitigate their risks. Organizations should adopt a security platform that rejects malware the minute it's found, develop hunt teams to stalk and eradicate bad code where it lives, and share their findings. By implementing these security measures, financial institutions will be better able to protect their sensitive information and stop adversaries in their tracks.
Mary Karnes Writz is head of applied innovation for HPE Security Products, Hewlett Packard Enterprise.