FINAL WORD
ABOUT
Eric Eifert is Senior Vice President of Managed Security Services at DarkMatter . Within his vast cyber security experience , he has built , operated , and managed Security Operations Centres in multiple geographies including for the U . S . Department of Justice , U . S . Federal Bureau of Investigations , U . S . Department of Agricultural , U . S . House of Representatives , and many more . Eric was also previously Programme Manager for the U . S . Department of Homeland Security ’ s Continuous Diagnostics and Mitigation ( CDM ) programme .
the current global financial industry ’ s go-to resource for cyber and physical threat intelligence analysis and sharing called the FS-ISAC , or the Financial Services Information Sharing and Analysis Centre .
Banks have long been targets of hackers , and have racked up hundreds of millions of dollars in costs to cover purchases made on counterfeit credit cards resulting from data breaches at retailers . Financial institutions demand robust cyber defences , and J . P . Morgan , for example , is set to spend U $ 600 million on cyber security efforts this year alone , having fallen victim to a cyber breach a couple of years ’ back when the names , addresses and other information of 76 million customer households were exposed . Thankfully no money stolen on this occasion .
On its part , SWIFT is working hard to combat the escalation in cyber attacks and successful hacks . In the middle of August 2016 the society announced the launch of a campaign to increase awareness for existing security features in its interface products . The campaign forms part of SWIFT ’ s Customer Security Programme and aims to help users apply existing security features to better protect their SWIFT access .
SWIFT said its products include a wide range of inbuilt security tools and functionalities allowing customers to protect their access to the SWIFT network and safely manage their correspondent relationships . The new campaign is set to focus in particular on raising awareness for SWIFT ’ s Relationship Management Application ( RMA ) and 2-Factor Authentication ( 2FA ) in SWIFT products .
Again , we see this as a further step in the right direction , and advise that SWIFT and all its users and ecosystem participants quicken their pace to undertaking and instituting a robust mitigation programme encompassing visibility , intelligence and integration of their digital assets .
Visibility means truly understanding the configuration of the network and most importantly who has access to it . Large companies in particular , often maintain networks patched together over decades , running different generations of software . It ’ s a simple truth that one can ’ t protect what one doesn ’ t understand ; a thorough audit is vital at the start of any mitigation process . Sophisticated mapping software can certainly accelerate this process , but ultimately a comprehensive audit requires people on the ground to ask the right questions and find the location of servers and access rights .
Intelligence relates individual system ’ s characteristics to the known threats and a network ’ s vulnerabilities in relation to them ; it takes the threat intelligence gathered in the risk assessment process and relates it to the specifics of the organisation ’ s system .
Integration aggregates the information found in the first two phases , and displays it in a format that can be readily understood by decision makers to enable them to act quickly . In particular , attacks should be logged and diagnosed in a systematic fashion .
86 INTELLIGENTCIO www . intelligentcio . com