28 October 2019

Cyber Resilience and Financial Organizations: A Capacity-building Tool Box

A new set of cyber security tools provides financial institutions with actionable measures to protect themselves from online fraud.

Updated in 2021, these useful, practical guides and checklists are ever more relevant to securing our ecosystem. The update revises the existing toolkit and adds guides and checklists to protect against ransomware and workforce vulnerabilities. Three new languages were also added: Mandarin, Hindi, and Japanese.

Financial institutions have always been attractive targets for fraud; “free” money is a powerful incentive. Cyber security risks have become so prevalent that in 2017 the G20 finance ministers and central bank governors declared that “the malicious use of Information and Communication Technologies could…undermine security and confidence and endanger financial stability.”

These concerns have led to a flurry of regulatory and policy activity in recent years at both the international and national levels, from the Financial Stability Board to the IMF, CPMI, and IOSCO and, on the industry side, from the SWIFT Customer Security Program (CSP) to FS-ISAC and Sheltered Harbor. Financial institutions globally sprang into action to strengthen and increase their cyber security.

Smaller players are more exposed

Smaller institutions, however, deserve special attention. Many are particularly vulnerable as they are constrained by fewer resources and often less experience. In 2016, credit unions and banks with less than $35 million in assets accounted for over 80% of hacking and malware breaches in the financial sector. In 2018, 58% of overall cyber-attack victims were small businesses.

Minimizing cyber risk to the financial sector depends upon the protection and participation of smaller organizations such as credit unions, savings banks, building societies, trust companies, account servicers, and even end customers. A system’s cyber security is only as strong as its weakest link.

The right tools for the job

The SWIFT Institute sponsored efforts by the Carnegie Endowment for International Peace to build the “Cyber Resilience and Financial Organizations: A Capacity-building Tool Box”. Developed by Tim Maurer and Kathryn Taylor, the tool box consists of six easy-to-use guides and checklists that provide senior management at financial institutions with actionable measures to improve their organisation’s cyber security. The tool box exists in seven languages and is based on existing frameworks, policies, and standards from around the globe (including SWIFT’s CSP). While relevant to all financial institutions, it has been designed primarily for less cyber-mature and smaller organisations.

The tool box contains six key sections:

  • Board-Level Guide: Cybersecurity Leadership
  • CEO-Level Guide: Cybersecurity Leadership
  • CISO-Level Guide: Protecting Your Organization
  • CISO-Level Guide: Protecting Your Customers
  • CISO-Level Guide: Protecting Connections to Third Parties
  • Incident Response Guide

In addition to English, the guides and checklists are available in Arabic, Dutch, Spanish, French, Portuguese and Russian. To help disseminate the tool box, Carnegie are partnering with leading institutions including the IMF, FS-ISAC, Standard Chartered and, of course, SWIFT and the SWIFT Institute.

The tool box content is available to all and can be freely shared via the following link: Cyber Resilience and Financial Organizations: A Capacity-building Tool Box

Pictured: Tim Maurer, Co-Director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, presented the tool box at Sibos London last month