CYBER SECURITY
end of 2017, 89% of all Swift customers had
attested their level of compliance with the
security controls framework – accounting for
over 99% of all FIN messages sent over the
Swift network. The number of attestations
continues to rise as we draw towards the 31
December 2018 deadline for re-attestation,”
he said.
These CSP controls establish a minimum
baseline for cyber security hygiene, and Swift
customers must ensure compliance with the
mandatory controls by the December dead-
line. “As we can never lose sight of the rapidly
changing cyber threat, there will be more
work to do to drive security improvements
in 2019 and increase transparency across the
financial community,” he said.
In the past, financial institutions have been
reluctant to share information about cyber
attacks and instances of fraud. Lancaster said
this was due to a “natural reluctance” of com-
panies to share sensitive information, “partic-
ularly where it has the potential to highlight
their vulnerabilities to peers or customers”.
However, as the cyber threat has increased
and diversified in recent years, financial in-
stitutions have recognised their shared risks
and the benefits of collaboration and sharing,
he added. “For victims, a comprehensive re-
sponse plan with rapid sharing of information
maximises the chances of recalling fraudulent
payments, freezing beneficiary accounts, and
the recovery of funds.”
Elsewhere during Sibos, Sebastian Kuntz,
head of business development at Dutch cyber
security company Belleron, explained how
difficult it was for banks to deal with financial
crime in such as “fast moving and innovative
world” as banking. Building systems that are
Club @ Sibos
fully secure is impossible, he observed, and
banks should assume they are compromised
and focus on managing the risk.
For example, he said attacks usually happen
when financial institutions are most vulner-
able – Friday nights when everyone in the
bank is “at the pub” or during the Christmas
break. He cited the attack on the UK’s Tesco
Bank in November 2016, during which £2.26
million was stolen from 9000 customers. The
UK regulator, the Financial Conduct Author-
ity, fined the bank £16.4 million for failings it
said allowed the attack to happen.
Kuntz noted the attack on Tesco Bank
began at 9:30pm on a Friday; 52 hours passed
before the retail chain shut down all its pay-
ment systems for a full three days. It would
have been better to manage the attack with
minimal impact to the other functions of the
company, he said.
“You should close down only the part of
your banks that is under attack. We would
have only stopped payments from Spanish
and Brazilian florists,” he said. “You manage
the risk and stop the attack before it gets
massive.” The vast majority of transactions
in the attack on Tesco Bank came from Brazil
and used a payment method known as PoS
91, which is widely used outside of Europe
and does not limit the value of or number of
transactions. The perpetrators of the attack
remain unknown.
While payments have been a focal point of
cyber-security concerns following successful
attacks in recent years, securities firms were
urged to adopt frameworks and standards
amid a growing threat.
“We have currently seen no attacks within
our customer base in the securities market,
but it’s always a comma, yet,” said Swift’s
Lancaster. Around 30% of all the payments on
the Swift network are related to securities.
Panellists at Sibos agreed that the level
of sophistication and the impact of cyber
attacks are rising and that there are multiple
functions of the securities markets that are
vulnerable.
These range from disruption or ransom
attacks on central securities depositories,
clearing houses and custodian banks, which
have a high level of systemic reach, to aspects
such as standing settlement instructions,
corporate actions and data, which could be
open to manipulation. While less likely to
occur, attacks on major infrastructures are a
particular concern for the industry due to the
potential impact. A disruption of these ser-
vices can significantly impact the functioning
of financial markets by, among other things,
impeding credit and liquidity flows.
“These central infrastructures we rely on so
much have to be incredibly resilient because
of the motivation for disruption. If you were
looking to disrupt, you might go for the cen-
tral utilities,” said William Hodash, managing
director, enterprise data management, DTCC.
Mark Gem, head of compliance at Clear-
stream, said the cyber threat to the securi-
ties industry was no different from that in
the payments industry but was “sometimes
overlooked. When people think about cyber
defences and what to do if another bank they
are connected to is compromised and sends
fraudulent messages, our fear is that they
see that as purely payments. But they must
remember that they also have a securities
business and the cyber defences need to cover
that as well,” he said.
“I think the issue we
have is there is a lot
of financial incentive
for cyber criminals to
collaborate.”
JACQUELINE
MCNAMARA, TELSTRA
www.clubsibos.com | CLUB@SIBOS | 3