There’s no end in sight for SWIFT hacks against banks, but financial institutions can improve the security of your investment
If you are like so many people around the world who use a bank to safeguard your money, you should be worried about the hacks against banks using the SWIFT financial messaging system. SWIFT, which stands for Society for Worldwide Interbank Financial Telecommunication, is a cooperative of banks sharing the same network to settle payment transactions with each other. Hundreds of thousands of banks around the world use SWIFT to moving trillions of dollars—your money—everyday.
During the summer of 2016, hackers used malware to bypass three international banks’ security systems to gain access to SWIFT terminals. They initiated unauthorized money transfers from one bank to another, presumably so they could withdraw the money incognito. Read more here.
This is not the end of the story. SWIFT maintained that the network itself has not been breached; yet, at the same time, the cooperative has released an official statement to its members. The statement basically reads, “We have detected more attacks on our member banks, and you need to step up on the security of your systems.” To help with that, SWIFT is releasing a new tool in December, which will send daily reports to the banks on the activities of the terminal connections.
While keeping a close eye on bank activities is a great start, there are other ways to improve banks’ security systems. In addition to upgrading the firewall, here are a few more tips.
- Segregate access to SWIFT interfaces from the rest of the apps such as email, browser, and other business productivity apps that are more vulnerable to malware. Install the SWIFT interfaces on a separate firewalled security zone and publish through Citrix XenApp as a virtualized app.
- Use two-factor authentication technology with Citrix NetScaler to ensure the appropriate employees have access to the apps. Make sure to enforce role-based privileges, for example, limiting copy and printing to certain types of data that apply to specific types of employees.
- Provide a single access point to the apps. If the SWIFT interfaces and business productivity apps are installed on separate security zones, Citrix Receiver can pull both sets of apps for a consistent, seamless user experience and enforce the two-factor authentication with Citrix NetScaler. Today, Citrix Receiver for Chrome devices is even more secure than ever, and can support smartcard integration.
Financial services companies are facing enough security risks every day – insider threats, malware and ransomware, denial of service attacks, and social engineering. By observing some key best practices such as segmentation, app virtualization, role-based privilege enforcement and two-factor authentication, banks can reduce their attack surface and protect what’s critical – your money.