24 October 2016

A guide to SWIFT Customer Security Programme compliance

 

The Society for Worldwide Interbank Financial Telecommunications (SWIFT), a global provider of financial messaging services, is releasing a set of core security standards to help improve cyber security within the banking sector.

The SWIFT Customer Security Programme (CSP), set for enforcement from 2018, is designed to help member organisations secure their network environment, manage access to systems, and detect and respond to threats.

Its release follows a number of high-profile cyber-attacks, such as the reported US $81m Bangladesh Central Bank heist in February 2016.

 

Tackling security vulnerabilities

 

SWIFT is used widely across the banking sector to conduct millions of financial transactions, and the impending publication of 27 controls will help organisations to address eight key security principles:

  1. Restricting Internet access
  2. Segregating critical systems
  3. Reducing the attack surface and vulnerabilities
  4. Securing the physical environment
  5. Preventing compromise of credentials
  6. Managing user privileges
  7. Detecting anomalous activity
  8. Sharing intelligence and devising incident response procedures

Inspection of the controls will begin on 1st January 2018, with the compliance status of each bank to be made visible to all other members. SWIFT says that it will require members to undergo random checks by auditors and will report any non-compliant organisations to industry regulators such as the Financial Conduct Authority.


 

An overview of SWIFT assessment services

 

For organisations that need to comply with SWIFT security standards, Redscan’s range of dedicated services is designed to alleviate the pressure of compliance. Our qualified security professionals have wide experience across the investment banking and financial services sectors and can help organisations prepare for the introduction of the new controls with a range of SWIFT assessment services, including:

Virtual CISO

With our Chief Information Security Officer-as-a-service, benefit from the high-level security advice needed to devise a successful risk management policy that complies with the latest SWIFT requirements.

Penetration Testing

Internal and external penetration testing, incorporating automated and manual assessment, highlights vulnerabilities across systems, applications, networks, firewalls and more.

Red Teaming

A full-scope cyber attack simulation aids preparation for SWIFT by replicating modern adversarial techniques that challenge an organisation’s technology, people and policies to stand up to a real-world incident.

Managed Detection & Response

Combining cutting-edge technology with expert human analysis, our ThreatDetect™ service proactively monitors networks and assets to hunt for threats, and provides effective and rapid remediation advice.

Contact us to learn more about Redscan’s range of security services for SWIFT Customer Security Program compliance.
