That was the opening remark from Pierluigi Collina in his closing keynote at #GartnerSEC yesterday. ‘It could be worth $150M’ in a Champions League Final.

“Decision Making Under Pressure” was the title of his presentation and it was a brilliantly engaging talk. It’s amazing the lessons that can be learned, and indeed the lengths to which FIFA have gone, to referee the beautiful game.

Three things really stood out to me and are applicable from the sporting world to cyberspace.

Do your research

“The thinking used to be that being fit and knowing the rules was enough to be a good referee.”


This post is the final part of an eight-part series helping business leaders seeking assurance that their teams have correctly complied with the new controls regime.

In this post we are looking at the eighth principle: Plan for Incident Response and Information Sharing.

This applies to those with on-premise SWIFT implementations and those using a bureau service. Having robust and clear response plans can significantly reduce the impact of an attack on your business.

What’s the risk?

In the high-profile cases of attacks against banks’ SWIFT infrastructure in the news, the attackers had been present on the bank’s network…


This post is the seventh part of an eight-part series helping business leaders seeking assurance that their teams have correctly complied with the new controls regime.

In this post we are looking at the sixth principle: Detect Anomalous Activity to Systems or Transaction Records.

This applies to those with on-premise SWIFT implementations and those using a bureau service, to protect systems from malware infection and log important security events generated by systems.

What’s the risk?

Using anti-virus helps protect your computer from malicious code and notifies you if attempts are made to infect it. Logging security events ensures you can…


This post is the sixth part of an eight-part series helping business leaders seeking assurance that their teams have correctly complied with the new controls regime.

In this post we are looking at the fifth principle: Manage Identities and Segregate Privileges.

This applies to those with on-premise SWIFT implementations and those using a bureau service. The purpose of the controls here is to ensure you understand who has access to your systems and that they have the privileges required to do their job, and no more.

What’s the risk?

Poor identity and privilege management can result…


This post is the fifth part of an eight-part series helping business leaders seeking assurance that their teams have correctly complied with the new controls regime.

In this post we are looking at the fourth principle: Prevent Compromise of Credentials.

This applies to those with on-premise SWIFT implementations and those using a bureau service. It is intended to ensure you have a suitable password policy and use multi-factor authentication to protect your Operator PCs and secure zone around your SWIFT gateway.

What’s the risk?

Without a suitable password policy there is an increased risk of an attacker being able to…


This post is the fourth part of an eight-part series helping business leaders seeking assurance that their teams have correctly complied with the new controls regime.

In this post we are looking at the third principle: Physically Secure the Environment.

This applies to those with on-premise SWIFT implementations and those using a bureau service. It is intended to minimise your exposure to vulnerabilities that arise from unauthorised persons having physical access to your technology.

What’s the risk?

If you do not control physical access to your technology then the likelihood of an insider or malicious party being able to tamper…


This post is the third part of an eight-part series helping business leaders seeking assurance that their teams have correctly complied with the new controls regime.

In this post we are looking at the second principle: Reduce Attack Surface and Vulnerabilities.

This applies to those with on-premise SWIFT implementations and those using a bureau service. It is intended to minimise your exposure to vulnerabilities that an attacker will have known about and to prevent attackers using default settings to gain access to your systems.

What’s the risk?

Your payments infrastructure naturally has, and indeed needs, the ability to initiate transactions…


This post is the second in an eight-part series helping business leaders who are seeking assurance that their teams have correctly complied with the new SWIFT Customer Security Programme (CSP) controls regime.

In this post we are starting with the first principle: Protecting your Critical Systems from your General IT environment.

This applies if you have a local SWIFT environment, for example you licence the messaging and communication interface, use SWIFT Alliance Remote Gateway or Alliance Lite2. …


The high-profile cyber attack that saw hackers attempt to steal nearly $1 billion from Bangladesh’s central bank is the largest bank heist in history. This demonstrates how sophisticated cyber-criminals are becoming increasingly ambitious in their use of technology to appropriate money undetected, before swiftly moving it around the world.

SWIFT has established the Customer Security Programme (CSP) to help SWIFT customers safeguard their local environments and to reinforce the security of the global banking system.

The CSP is articulated around three mutually reinforcing areas:

  1. secure and protect their local environment (You);
  2. prevent and detect fraud in their commercial relationships (Your…

Robin
