Following the news about the SWIFT network attacks, Igor Baikalov, Chief Scientist at Securonix, commented below.
Igor Baikalov, Chief Scientist at Securonix:
“I find it highly amusing that there’s even a discussion of who is responsible for the security of a SWIFT terminal – SWIFT itself, the financial institution, or the local banking regulator? It seems like something that should have been resolved well before the largest global payments network, connecting 10,000 banks, was established.
And banks have long been aware that third-party security is their problem, not that of the third party. That must have been one of the founding principles behind SWIFT – to create a cooperative that takes care of this problem for its members. Economy of scale, so to speak.
According to recent admissions by several senior SWIFT officials, that was not the case. SWIFT’s priorities were placed elsewhere. Perhaps, in signing up thousands of banks in emerging economies, with little or no support for investigating and prosecuting cyber crimes?
And while blaming North Korea became a default excuse for lax security practices, the terminal’s security is not the only problem here. Try to submit an online request with your bank to transfer a couple of thousand dollars to a new recipient. What do you get? A text message or a phone call asking for confirmation, called out-of-band verification. (If you don’t get it, switch your bank immediately!)
Then why, when the bank receives a SWIFT request to transfer a billion dollars, is there no verification at all?
SWIFT failed to protect the integrity of its messaging network, allowing attackers to inject malicious messages, and its overall approach to the security of transactions is (like many other things in Brussels) in need of a major overhaul.”