The banking industry needs to work towards information sharing if it is to deal with new cyber threats, according to the Chief Information Security Officer of SWIFT.
Speaking at the FT Cyber Security Summit, Alain Desausoi said that combining intelligence was key to allow secure financial transactions.
“Information sharing has been the quest for the Holy Grail,” said Desausoi. “We all starve to get information and it’s always difficult to take the step.”
He said that looking at what was going on inside customer’s networks was essential to building intelligence that could be used elsewhere.
“From that we derive the indicators of compromise, things which you should look at in advance of the fraudulent messages being attempted.”
Desausoi also said that it was necessary to allow hackers to get into networks in order to gather intelligence.
Desausoi’s comments came the day after SWIFT announced the introduction of Daily Validation Reports, a new tool that is designed to supplement customer fraud controls.
The tool will include both Activity Reports and Risk Reports. The Activity Reports will allow institutions to see their aggregate daily activity across currencies, countries and counterparties: “a snapshot view of each day’s messaging activity against which to detect unusual patterns”.
The Risk Reports will provide a focused review of large or unusual payment flows as well as new combinations of payment parties.
Desausoi also discussed the company’s multi-layer security approach, which covers information sharing, product resistance to attacks, making security practices more accessible to customers and ensuring banks have the right partners to work with on security.
An attack in February using the SWIFT network saw $81m (£56m) stolen from Bangladesh’s central bank, after attackers exploited vulnerabilities in banks funds’ transfer initiation environments before sending the messages over SWIFT.
SWIFT is the primary communications channel for financial institutions engaged in correspondent banking around the world, transmitting messages relating to payments, securities, treasury and trade between financial institutions.
