27 November 2017

With the self-attestation deadline rapidly approaching, how confident are you in your organisation’s ability to comply with the SWIFT Customer Security Programme?

 

All SWIFT customers must submit their attestations by 31st December 2017, and annually thereafter. Redscan can help organisations to prepare and validate their attestations by conducting a Readiness Assessment to identify and address weaknesses ahead of any potential regulatory audits and inspections.

 

What is the SWIFT CSP?

 

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides the communications network used by financial institutions around the world to share information about financial transactions.

The SWIFT Customer Security Programme (CSP) is a framework designed to secure the global banking system by helping member organisations to improve their cyber security. Its controls are articulated around three overarching objectives:

1. Secure Your Environment
2. Know and Limit Access
3. Detect and Respond

These objectives are split across 8 security principles and further divided into 16 mandatory and 11 advisory controls.

 

The importance of having the right security in place

 

More than 11,000 financial institutions in over 200 countries use SWIFT’s interbank messaging system to make important financial transactions. This makes SWIFT users a lucrative target for cybercriminals.

Just last month, Nepal’s NIC Asia Bank reported a breach that led to the processing of fraudulent payments totalling $4.4 million. This followed the theft of $60 million from Taiwan’s Far Eastern International Bank in October and an $81 million heist from Bangladesh Central Bank in 2016.

While there is no indication that SWIFT’s network was the source of the compromise in any of these attacks, the company has nonetheless taken important steps to help protect its members with the release of its own custom security program.

 

The benefits of a Redscan SWIFT CSP Readiness Assessment

 

Commissioning a gap analysis from Redscan is an effective way to verify how well your organisation’s information security stacks up against the SWIFT CSP mandatory and advisory controls. Attestation with SWIFT is an annual process, and with your organisation’s security posture continually changing, it makes sense to conduct regular reviews with dedicated security experts.

 

Managed security services supporting SWIFT CSP compliance

 

Should your organisation require help improving any area of its security posture, Redscan offers a range of supporting security services for the financial services sector.

To help secure your organisation’s evolving IT environment, Redscan’s vulnerability assessment, penetration testing and red teaming services can help to identify hidden weaknesses across on-premises and cloud-based infrastructure and recommend remedial actions to address them.

To support the ability to ‘Detect and Respond’, Redscan’s award-winning ThreatDetect™ MDR service helps to mitigate cyber risk by integrating the tools and expertise needed to hunt for, identify and remediate threats across networks and endpoints.

Learn more about Redscan solutions for the financial services sector

 
