SWIFT CSP’s mandatory controls get more numerous and stringent with every yearly release, and it can be difficult for even the most tech-savvy banks to keep pace. Beginning in July 2020, for instance, self-attestations will require independent audit assessments that cover at least the mandatory controls. This audit can be conducted by an internal or external team, but SWIFT seems to be pushing for (and in some instances requiring) outside assessors to help banks understand their own compliance pictures.
Code source for encryption and other cybersecurity software is a sticky topic for many in the information security world. In one camp, you’ll find those who champion open source software as being inherently more secure. And opposite them, you’ll see those who say proprietary is the only way to go since open source has no accountability attached to it. The broader open-source vs closed-source debate has been raging for decades, since the early days of software. Both sides have their prominent proponents and just as prominent opponents.
Data, whether it’s in motion or at rest, is constantly imperiled by hackers and fraudsters. This means that encryption is more important now than ever—a fact that most businesses around the world are quickly catching onto. Even as the consensus grows around the importance of encrypting both caches of stored data and communications like emails and other messages, however, there isn’t really a unified theory of how best to implement encryption in way that makes operational sense while minimizing potential attack vectors. As a result, around two-thirds of businesses list cryptographic key management as either a medium or large challenge.
In a survey of several thousand IT professionals across a dozen countries, 57% of respondents said that encryption key management at their company was “painful.” In a similar study, the risk and cost associated with key management was, on average, rated a seven out of 10. Those percentages change from year to year, but as the importance of encryption becomes increasingly obvious across different sectors, the total number of businesses dealing with serious encryption key pain is only going to go up.
At a SWIFT-run business forum a few years ago, a handful of banking insiders gave a rundown of the cybersecurity threats that keep them up at night. Some of what they were worried about was predictable—giant data breaches running hundreds of millions of dollars, adversaries getting smarter and more sophisticated, etc.—but some of it displayed a little more nuance. Some were specifically worried that they might completely miss a cyberattack and only realize what had happened much later (which is hardly an implausible scenario). Others were worried about the high rate of false positives in anti-fraud operations.
Right now, your bank is probably vulnerable to costly cyber attacks. Why? Because, like most financial institutions, you probably haven’t implemented end-to-end encryption or robust endpoint protection. It’s easy to understand why something like this could fall through the cracks—no one wants to shell out for a complex software solution whose purpose they don’t fully get—but the next big cyber bank heist is coming, and you probably don’t want to be the victim.
The online world is a bit like the American Wild West 150 years ago. Most people are genuinely good and honorable and are just trying to live their lives. Then you have the gunslingers and train robbers, those people who today are hackers and scammers just trying to make a fast buck at the expense of those good people.
The FBI is warning businesses about a growing threat to their confidential data—the Business Email Compromise (BEC) attack. This isn’t a new form of cyber assault, by any means, however, it is on the rise at an alarming rate. Whether this threat has just come onto your radar or you’ve been monitoring it for a while, there’s never been a better time to take preventative measures..
Data is big news. Whether it’s a tech company selling their users’ personal information, or a credit card company having a data breach that affects millions of people and potentially millions of dollars—data is on people’s minds these days.