SWIFT Institute: Cyber Security 3.0 – Better Together
On Friday 18 August the SWIFT Institute, in partnership with Nanyang Technological University, hosted its second cyber security event of the year. The aim was to share new research, and bring together cyber experts from academia and the financial industry.
Alain Raes, SWIFT Chief Executive for APAC and EMEA opened the conference underlining the importance of collaboration, and the responsibility of industry to manage cyber security risk, particularly in light of unprecedented levels of innovation. The cost of cyber attacks is estimated at USD 1.4 trillion in 2016. He drew parallels to Babylon – which in ancient civilisation had a population of up to 200,000 people; ground breaking at that time but with inherent risks such as disease, but which was ultimately successful – underlining the importance of not disconnecting, and working together.
Alain highlighted steps SWIFT has been taking to play a part in this collaboration, including basic hygiene measures to protect the banking environment through SWIFT’s customer security controls – encompassing 16 security measures; counterparty payment controls; and information sharing. He also highlighted how the cybersecurity risk is increased with the disruption driven by the region’s FinTech giants.
Will Carter, Deputy Director of the Technology Policy Program at the Centre for Strategic and International Studies, gave a comprehensive overview of the forces shaping the next generation of attacks. He highlighted that investment was not keeping up with attacks, and that there is a new generation of attackers, launching massive co-ordinated attacks at scale across the industry. He considered the forces shaping the threat landscape examining the attack surface, attacker incentives and new defences. The attack surface is generally wider than the defender’s narrow view of a computer – take for example the Internet of Things and mobile banking, which are providing new access points for cyber attackers and changing the geography of cybercrime. Financial cybercrime is growing rapidly in developing nations, driven by the proliferation of mobile banking. Attack incentives are changing as the nature of threat actors has changed. Attackers are in countries where it is typically hard to enforce laws against cybercrime, and we are seeing nation state actors robbing banks. There is a wide availability of tools for attackers available on the dark web, and law enforcement is struggling to keep up, particularly given the cross border nature of attacks. New defences are being developed, but attackers are adapting as well – including developing new strategies for social engineering to compromise bank employees and launching attacks which make fraudulent transactions appear legitimate to evade new fraud prevention measures. Attacks are taking a hybrid nature – for example, DDoS attacks are increasingly used as a cover for other forms of attack happening in parallel. Will emphasised the importance of a collaborative ecosystem to combat these attacks. An audience discussion emphasised the importance of cyber attacks being treated as a strategic business issue and not just a technology issue – a theme elaborated further during the panel discussion.
Casey Evans, from the American University’s Kogod School of Business then gave an overview of an approach to share insider threat indicators, leveraging SWIFT’s messaging platform to combat cyber attacks. Casey highlighted that the growth in cyber attacks requires a new approach to defences, as highlighted by Will. The cyber landscape has diversified – in particular the scope and nature of attacks. She highlighted that it takes on average 146 days to detect a sophisticated attack. She also highlighted that Singapore came top of the UN Cybersecurity index, with Malaysia coming third. Casey provided an overview of a tool to facilitate sharing cyber attack information using the SWIFT messaging platform. Based on research on intelligence failings of the 9/11 attacks, key findings were the importance of having in place a centralised management system, a uniform system to transmit and cultural support for the sharing of information. Casey’s team considered intelligence sharing tools and suspicious activity reports to develop a tool for sharing cyber threat/attack information. They also considered FS-ISAC information sharing platforms, which was not chosen as it is a one to many broadcast rather than a secured one-to-one communication. Their proposed tool has been developed to collect cyber attack information based on insiders, which can potentially be disseminated over the SWIFT network. It includes an assessment of defined threat indicators relevant to the threat/attacks. The legal consequences of sharing this information have been considered from a US law perspective, including privacy and monitoring of employees. Saqib Sheikh, Head of Sales Services Asia Pacific at SWIFT then gave an overview of the innovation and steps being taken at SWIFT to mitigate cyber risk, and the dissemination of this approach amongst SWIFT’s members across the region.
Tim Maurer from the Carnegie Endowment for International Peace then gave an overview of the importance of collaboration for cyber security risk at the international level – and the commitments that the G20 have made in respect of G20 members collaborating in respect of cyber risk. He considered the success of an agreement between China and the US at presidential level to prevent cyber enabled theft of IP, and as a result the number of these thefts has decreased. He discussed how hacking can impact financial stability. The G20 Finance Ministers have recognised that there is a real risk to the financial community at large regarding cyber attacks. Based on these concerns, the Carnegie Endowment has proposed an international agreement to be agreed at the G20 level with states committing not to conduct any activity that manipulates the integrity of financial institution’s data and algorithms or undermines the availability of critical systems.
There was a panel discussion on how to collaborate to prevent cyber attacks, led by Caitriona Heinl, Research Fellow, Cyber Policy & Strategy, Nanyang Business School..
…read the full wrap-up report here