“We were surprised by the gap between the skills of the attackers and the cyber security practices in the banking industry,” he told the FT Cyber Security Summit in London.
The heist was part of a wider campaign that would have netted the cyber thieves almost $1bn if a typo had not alerted bank officials, who managed to block a further fraudulent transaction of $870m.
Swift subsequently acknowledged that the heist involved altering Swift software to hide evidence of fraudulent transfers, but it said its core messaging system was not harmed.
Desausoi said it also involved the theft of Bangladesh central bank credentials that enabled the attackers to impersonate authorised users to initiate transactions.
“Think of Swift as a secure mail system, but banks have their own software and systems that they manage that send messages to us,” he said.
One of the biggest problems, said Desausoi, is that while the threat is the same worldwide, the skills needed to manage it are not the same in all countries.
Subsequent to the heist, Swift took steps to help the banking community fill the gaps that had been exposed, which included releasing software to help banks detect anomalous activity.
Swift also developed a customer security strategy to address the risk, which is made up of five components.
These are improved information sharing, more resilient software, improved security practices, traffic pattern detection to identify anomalies, and ensuring banks have the right security partners.
“Information sharing can be difficult to get going, but it is essential so that banks are better able to spot malicious activity in future,” said Desausoi.
As part of Swift’s customer security intelligence programme, the organisation is now making indicators of compromise (IOCs) available to customers.
“Customer feedback about IOCs has been positive, with many telling us that it has been very helpful in planning and improving cyber defences,” said Desausoi.
He said Swift has a well-established cyber security programme, but it is continually seeking to raise the bar by introducing things such as penetration testing, security operations centres and proactive hunting for attackers.
Looking beyond technology
Desausoi said that while technology has a role to play in cyber security, banks need to understand that no single technology will solve the problem. They need to look beyond technology to examine their processes and ensure their employees have the training and support they need.
“The best way to find attackers is to look for abnormal activity, although defining ‘normal’ activity is a never-ending quest,” he said.
Swift plans to continue to support customers by helping them acquire and develop as many detection capabilities as possible.
“We want banks to take ownership of the challenge and to engage with law enforcement at their own pace [in terms of attribution and prosecution],” said Desausoi.