Unfortunately for its brand, customers, and partners, SWIFT seems to be operating in a sub-optimal “reactive” mode to the series of cyber breaches on its systems over the past several months.
SOCIETY FOR WORLDWIDE INTERBANK FINANCIAL TELECOMMUNICATION
Money in motion, much less large sums moving over multiple networks and jurisdictions, is the #1 target for cyber criminals today.
Responding vs. Reacting
No one can fully eliminate any type of risk, much less cyber risk, especially when specifically targeted by sophisticated, ambitious, and well resourced perpetrators. However, as an effective alternative to “reactive” - planning and preparedness can position a firm to be “responsive” in order to act quickly with coordination across divisions, partners, and customers. A “responsive” mode contains the damage, evidences the firm has acknowledged and planned to face the risk, and demonstrates it can act effectively when problems arise.
Protecting the Perimeter
SWIFT, like any other organization large or small, cannot insulate itself by protecting its electronic domain alone, and must acknowledge the risk at the perimeter of its operation. The inbound perimeter includes a firm’s supply-chain, while the outbound network includes customers, partners, and any element of the demand-chain that constitutes complete delivery of the customer’s expectations for the service or product it provides.
"Unfortunately for its brand, customers and partners, SWIFT has primarily been in a “reactive” mode to the recent string of incidents."
Brad Deflin, president and founder of Total Digital Security
SWIFT is late in its activities toward prevention and accountability, and must work hard to build a state of prepared response to the inevitable attacks it will face again. Collaboration, information sharing, intelligence, and forensic abilities are required from SWIFT to not only mitigate risks of a future breach, but to operate from a position of strength when the next one succeeds.
You can read the AFP's report, including our quotes, here: