SWIFT confirms new cyber thefts, hacking tactics
This article by Tom Bergin and Jim Finkle for Reuters may be of interest to subscribers. Here is a section:
The messaging network in a Nov. 2 letter seen by Reuters warned banks of the escalating threat to their systems, according to the SWIFT letter. The attacks and new hacking tactics underscore the continuing vulnerability of the SWIFT messaging network, which handles trillions of dollars in fund transfers daily.
"The threat is very persistent, adaptive and sophisticated – and it is here to stay," SWIFT said in the November letter to client banks, seen by Reuters.
The disclosures provide fresh evidence that SWIFT remains at risk of attacks nearly a year after funds were stolen from a Bangladesh Bank account at the Federal Reserve Bank of New York. The unprecedented cyber theft prompted regulators around the globe to tighten bank security requirements, amidst a global investigation by the FBI, Bangladesh authorities and Interpol.
Banks using the SWIFT network, which include both central banks and commercial banks, have been hit with a "meaningful" number of attacks - about a fifth of them resulting in stolen funds, since the Bangladesh heist, Stephen Gilderdale, head of SWIFT’s Customer Security Programme, told Reuters in an interview on Thursday.
Much of the global economy is already online and the internet represents a major opportunity for emerging countries to skip several steps of economic development. Therefore we can anticipate the trend of digitisation to persist well into the future. However, most people’s passwords are woefully inadequate and tend to be replicated across platforms, for expediency’s sake, which makes it all too easy for criminals to acquire personal data.
Not all data is of equal value. A credit card sells for cents while medical records sell for much more. Medical fraud is one of the fastest growing crime sectors in the USA because healthcare is so expensive and hospitals generally do not have very effective firewalls. An additional obstacle to prevention is many companies invest in cyber insurance premiums rather than cybersecurity products as a means of managing their risk. That defeatist attitude only creates an even more fertile ground for criminals to act within.
This graphic from CBInsights highlights how many private companies are engaged in the various segments of cybersecurity and the cybersecurity section of the Chart Library is filled with many more. This tells us it is certainly a growing sector, the desire for security is real but the cost of losses will need to rise considerably if the sector is to truly realise its upside potential.
XL group, AIG and Chubb are among the largest underwriters of cybersecurity insurance coverage according to this article from cyberscoop.com and while not a pure-play they represent what might be considered a tangential play on the sector.