Nybf2014.cyber threats.final

100 %
0 %
Information about Nybf2014.cyber threats.final
Finance

Published on March 12, 2014

Author: SWIFTcommunity

Source: slideshare.net

SWIFT Business Forum New York 1SWIFT Business Forum New York - March 4, 2014 #BFNY

Cyber Threats The Battle Continues March 04th 2014

Agenda • Excerpts from Cyber Security Session at SIBOS 2013 – Internal Threats – Security Spending – Cyber Attacks – Hack-tivism – What keeps you up at night? – Regulation • What can SWIFT do? – An innovative idea 3SWIFT Business Forum New York - March 4, 2014

4SWIFT Business Forum New York - March 4, 2014

Internal Threats • Traditional practices still important • Know your data • Technologies to detect out of character activity – Anticipate errors – Spot patterns to detect • Education • Road test procedure • Lock down • Fast response & recovery is key • There are no guarantees • There's more to do 5SWIFT Business Forum New York - March 4, 2014

6SWIFT Business Forum New York - March 4, 2014

Security Spending • Spending on security is growing • Cycles of investment – Prevention – Detection – Rapid response – Recovery and business continuity • Board level issue • Attacks and solutions continuously evolve 7SWIFT Business Forum New York - March 4, 2014

AM Business Forum 2014 - Messaging Protocols 8

Cyber Attacks • Attacks are growing • More sophistication • Intelligence sharing is key • Softer targets are vulnerable • Technology is fundamental • Telecom providers are vital resources 9SWIFT Business Forum New York - March 4, 2014

10SWIFT Business Forum New York - March 4, 2014

Hack-tivism • Not driven by profit • Willing to take more risk • Motivations are different • Deeper pockets • State-sponsored? 11SWIFT Business Forum New York - March 4, 2014

12SWIFT Business Forum New York - March 4, 2014

What Keeps You Up at Night • There is always the next threat • Not just protecting your own institution • Interconnected world • Need a playbook • Exercise your defenses 13SWIFT Business Forum New York - March 4, 2014

14SWIFT Business Forum New York - March 4, 2014

Regulation • Policies not prescriptive regulation • Public Private Partnership • Soft targets will be repeatedly attacked • Collaboration beween regulators is vital • Joint exercises – i.e. Quantum Dawn 2 15SWIFT Business Forum New York - March 4, 2014

16SWIFT Business Forum New York - March 4, 2014

Summary • These events will occur • How will we recover • Think about issue in advance • It is a risk issue, not an IT issue • Have the intel • Monitor • Be able to respond & investigate 17SWIFT Business Forum New York - March 4, 2014

AM Business Forum 2014 - Messaging Protocols 18

SWIFT on Cyber Security SWIFT CEO Gottfried Leibbrandt spoke at the European Commission High Level Conference on Cyber-Security in Brussels on February 28th • The cyber threat is very real and persistent • Cyber-attacks are getting ever more sophisticated, better organised and funded • Cyber concerns are not new for SWIFT • The network meets the highest standards in terms of confidentiality, integrity and availability • As a global infrastructure, we would like to see: – International coordination – Standards – Vibrant ecosystems of experts and providers 19SWIFT Business Forum New York - March 4, 2014

Using SWIFTNet Browse as a contingency channel Arnaud Boulnois: head of product management Messaging. Arnaud.boulnois@swift.com March 04th 2014

21 SWIFTNet Browse can provide a ready-to-use secure and reliable channel for users to access web applications, when the normal connectivity path is unavailable. SWIFT Business Forum New York - March 4, 2014

Normal service: 22 User Service Provider Web Server www.webap1.bankABC.com Web address: www.webap1.bankABC.com SWIFT is used to support STP flows: - FileAct - MT over the FIN platform - iso20022 via IA S&F Internet is used as the main channel to support web based applications. They provide: - manual data entry. - consultation of statement and position - manual upload / download of files. SWIFT Business Forum New York - March 4, 2014

For reasons that many service providers have experienced, the internet channel can be unavailable, and outages can last days… Next slides explains how SWIFT solutions allow the bank and its customers to continue to do business in a secured environment 23SWIFT Business Forum New York - March 4, 2014

Solution for the Bank: be ready to manage Browse service via SWIFTNet 24 webap1.bankABC.browse.swiftnet.sipn.swift.com STEP 1 - Register as a SWIFTNet Browse service provider - Integrate the web application with SWIFT “federated identity platform”, using SAML 2.0 technology - Publish your service on swift.com user Service Provider X SWIFT Business Forum New York - March 4, 2014

Solution for the bank’s customers: be ready to reach the service via SWIFT There will be 2 ways to reach the service: Via the SWIFT private network (option 1). Over Internet via SWIFT Internet Service Providers (option 2). 25 User Service Provider webapp1.bankABC.browse.swiftnet.sipn.swift.com X STEP 2: - Have customers registered into the service - Have one valid SWIFT certificate per user (SWIFTNet certificate and 3skey later). - Make sure connectivity is available. Option 2: Internet Option 1: Secured private network Secured private network SWIFT Business Forum New York - March 4, 2014

Service key characteristics • No emergency activation or provisioning • Can also be used as primary channel Service is available immediately • Re-use existing SWIFTNet infrastructure • Make sure you have the correct bandwidth • Make the best use of your SWIFT spare capacity Setup is easy • Can reach via internet or SWIFT network • Minimize loss of access to web application Will also help your customers • Shutting down one channel has less impact on the business. Will make your operations easier 26SWIFT Business Forum New York - March 4, 2014

Service provider: setup and activation of the service Register as service provider on Browse (use SPF Form with assistance of SWIFT). Wait for SWIFT to provision the service and create dedicated www.swift.com registration page for service users. Define connectivity solution to make the Web Server reachable via SWIFTNet and Integrate it with SWIFT IDP. Validate users registrations (same process as MA-CUG registration management).  27SWIFT Business Forum New York - March 4, 2014

Service user: activation process for SWIFTNet users (option 1). Have institution registered into the service (via www.swift.com dedicated page) Get confirmation from SWIFT that the bank has accepted the request. Install security device, webplatform, create certificate, update DNS and proxy settings. Test and validate connectivity.  28SWIFT Business Forum New York - March 4, 2014

SWIFT connection provides peace-of-mind 29 • Highly available connectivity "ready-to-use" • Secure and reliable infrastructure - used by many financial institutions and corporates worldwide • Several connectivity options available (bandwidth, resilience, etc) • Corporate users can re-use their infrastructure • Easy to integrate in your web server environment • Strong user authentication by SWIFT • Consultancy services available for smooth implementation SWIFT Business Forum New York - March 4, 2014

Easy ordering and implementation steps 30 • No charges to corporate user • Service provider pays yearly fee to cover all traffic (fixed fee per year to connect a number of users) • Use our consultancy services to o analyse capacity (eg bandwidth) requirements and upgrade if required o integrate the solution in your web server environment • Define and setup the service with SWIFT (such as URL) • Ask your corporate users to subscribe SWIFT Business Forum New York - March 4, 2014

Q&A 31SWIFT Business Forum New York - March 4, 2014

32 Thank you SWIFT Business Forum New York - March 4, 2014

Please provide us with your feedback! • Kindly complete the survey form and submit upon exiting 33SWIFT Business Forum New York - March 4, 2014

Beyond GDP: What is real wealth 34SWIFT Business Forum New York - March 4, 2014 John C. Havens The H(app)athon Project #BFNY

Add a comment

Related presentations

Related pages

11. Daisuke Kamai_TSU BPO

11. Daisuke Kamai_TSU BPO Presentations & Public Speaking presentation.
Read more