
Customer Security Programme (CSP) Denis Kruger SWIFT Head Sub-Sahara Africa April 2017


Presentation Transcript


  1. Customer Security Programme (CSP)
     Denis Kruger, SWIFT Head Sub-Sahara Africa
     April 2017, v17

  2. CSP | Modus Operandi
     • Common starting point has been a security breach in a customer’s local environment
     • In all cases, SWIFT’s network and core messaging services have not been compromised
     • Attackers are well-organised and sophisticated
     Step 1: Attackers compromise customer's environment
     • Attackers compromise the bank’s local environment by introducing malware either directly at the bank or remotely, e.g. e-mail phishing campaigns, via a USB stick or rogue internet URLs
     • Attack can be started from either a malicious insider or an external attacker, or both
     Step 2: Attackers obtain valid operator credentials
     • Attackers are looking for valid account ID and password credentials from staff who have legitimate access to payment infrastructure
     • Once they obtain them, they have the ‘keys’ to the system
     • At this stage they very often watch and wait to familiarise themselves with how banks’ back office processes and systems work
     Step 3: Attackers submit fraudulent messages
     • Once an attacker has valid credentials and enough knowledge on how to access and use the applications, they can log in, impersonate the operators from whom they stole the credentials, and submit fraudulent payments – all without raising suspicion
     • Sometimes happens outside the normal bank working hours
     Step 4: Attackers hide the evidence
     • Numerous methods have been used, e.g. tampering with the reconciliation process; deleting or manipulating records / logs either remotely or using malware
     • This wins time to make sure the transfer of funds happens without detection

  3. CSP | Framework
     Customer Security Programme
     • While all SWIFT customers are individually responsible for the security of their own environments, a concerted, industry-wide effort is required to strengthen end-point security
     • On May 27th, 2016 SWIFT announced its Customer Security Programme that supports customers in reinforcing the security of their SWIFT-related infrastructure
     • CSP focuses on mutually reinforcing strategic initiatives, and related enablers

  4. CSP | You > Security Guidelines and Assurance
     Security Guidelines and Assurance Framework
     • Enhance security guidelines. Develop security requirements and related assurance compliance framework to strengthen the secure management of SWIFT messages at customer sites. Some guidelines will become mandatory
     Actions to Date
     • In July 2016, we published an expanded security guidance document for Alliance Products, outlining minimum controls recommended for customer implementation, including 2FA, segregation of networks, segregation of duties and RMA management practices
     Next Steps
     • Further enhancement of guidance documents for Customer Managed Interfaces and Alliance Lite2
     • Following customer validation via NMG, a first version will be published in Q1 2017 and come into play through self-attestation in Q2 2017

  5. CSP | You > Security Guidelines and Assurance
     Security Controls: 3 Objectives, 8 Principles, 27 Controls
     • Applicable to all customers and to the whole end-to-end transaction chain beyond the SWIFT local infrastructure
     • Mapped against recognised international standards
     • 16 controls are mandatory and 11 are advisory
     • Documentation and collateral available since end of October 2016

  6. CSP | You > Security Guidelines and Assurance

  7. CSP | You > Security Guidelines and Assurance

  8. CSP | You > Security Guidelines and Assurance
     Assurance Framework: Self Attest, Self Inspect, Third-Party Inspect
     Self-Attestation
     • Where customer positively asserts that it meets the security requirements
     • First- and second-line of defence – provided by senior management
     • All customers with an interface
     • All customers with a small local footprint
     Self-Inspection
     • Where customer’s Internal Audit asserts that the customer meets the security requirements
     • Third-line of defence - provided by Internal Audit function
     • Risk based sample of customers with a small local footprint
     Third-Party Inspection
     • For an external party that provides independent validation that the customer meets the security requirements
     • All traffic concentrators (extended SIP), executed by SWIFT
     • Risk based sample of customers with an interface, executed by third-party auditors

  9. CSP | You > Security Guidelines and Assurance
     [Timeline figure. Periods: Q2 2016, Q3 2016, Q4 2016, H1 2017, H2 2017, 2018. Milestones: V0 for Validation; V1; Mandatory; Alliance R7.2. Labels shown: Collateral; Community Engagement; Bilateral Consultation; Validation; Self Assessment; Self Attestation; Pilot Inspections; Inspections; Pilot Enforcement of Mandatory Software Updates; Reinforcement of Cyber-Incident Reporting to SWIFT; Enforcement of Controls; Enforcement]

  10. CSP | You > SWIFT Tools
     SWIFT Tools
     • Further strengthen security requirements for interfaces, tools and software (including those from third-parties) to better protect local environments and continue efforts to harden SWIFT-provided products
     Actions to Date
     • Release 7.1.14
     • Release 7.1.20 and 7.0.70 with stronger default password management, enhanced integrity checking and in-built 2FA for Alliance Access clients who do not have existing 2FA implementations
     • Bilateral engagement with vendors on third-party certification for interface providers
     • Release 7.0.50 for Alliance Gateway and SWIFTNet Link introducing enhanced integrity monitoring capabilities
     Next Steps
     • Planning of security enhancements for
       • AMH 3.6 Q2 2017
       • Access 7.2 Q2 2017
     • Focus on enforcement of mandatory updates

  11. CSP | Your Counterparts > Transaction Pattern Detection
     Transaction Pattern Detection
     • Extend the use of existing tools for fraud detection and prevention, to explore the extension of future 'opt-in' fraud prevention services and to share and develop market practice for fraud detection through the SWIFT community
     Actions to Date
     • Launch of global RMA campaign to promote use of existing tools as a first line of defence against unwanted or unexpected message flows
     • ‘Daily Validation Reports’ designed to help customers identify possible security concerns in their daily transaction flows
     Next Steps
     • Development of market practice for correspondent banking fraud and stopping/cancelling payments, with the SWIFT community

  12. CSP | Your Community > Intelligence Sharing
     Intelligence Sharing
     • Deepen our cyber security forensics capabilities so that we can create unique intelligence on SWIFT-related events and disseminate anonymised information to the community
     Actions to Date
     • Established a Customer Security Intelligence (CSI) forensics team that has built a detailed inventory of malware…
     • Contribution of intelligence to existing organisations and published anonymised threat intelligence to the community
     • Launched Security Notification Service
     • Engagement in industry forums and on a bilateral basis with customers, at CISO and COO level
     • Building a comprehensive CISO network
     Next Steps
     • Establish ‘SWIFT Intelligence Sharing and Analysis Centre (ISAC)’ to share information and best practice with the SWIFT community as well as the cyber intelligence community

  13. CSP | Your Community > Third-Party Providers
     Third-Party Providers
     • Structural enhancement of customer security requires the extensive support of third-party providers, e.g. security software and hardware, consulting and training, implementation services, providers of fraud detection solutions, service bureaus and auditors
     • Foster a secure ecosystem through partner programmes, organisation of industry events where such providers can engage with our customers, and certification programmes
     Next Steps
     • Engage through industry events, African Regional Conference, Business and Technical Forums, Innotribe, the SWIFT Institute and Sibos

  14. CSP | Your Community > Customer Engagement and Communications
     Customer Engagement
     • General awareness sessions
     • Security Controls / Assurance sessions
     • Deep-dive workshops
     • Premium Plus events
     • Industry Forums and SWIFT events
     • CISO registration
     Communications
     • Press releases
     • Customer and vendor letters
     • CSP Home Page – FAQs, presentations, webinars, training materials

  15. CSP | Your Community > Customer Engagement and Communications Customer Training Courses

  16. CSP | Your Community > Customer Engagement and Communications
     Actions for Customers
     You
     • Secure your local environment
     • Sign up to our Security Notification Service
     • Stay up to date with SWIFT’s latest security updates
     • Get ready to adopt our new security requirements
     Your Community
     • Inform SWIFT if you suspect that you have been compromised
     • Provide contact details of your company’s CISO for incident escalation
     Your Counterparts
     • ‘Clean-up’ your RMA relationships
     • Put in place fraud detection measures

  17. CSP | Open Discussion
     Questions and open discussion … GTB-BPC meeting at Sibos – 26 September 2016
