The SWIFT banking attacks, in which certain international banks suffered network breaches, were a huge wake-up call for many in the cybersecurity space. Why? Generally, they involved transfers made from the United States Federal Reserve, based upon messages allegedly received from the banks themselves but really sent by attackers in disguise. These messages were sent through the SWIFT bank messaging system, the primary method for international bank transfers, which is used by 11,000 financial institutions in 200 countries. The messages were then acted upon by the Fed, and over $81 million was allegedly lost. No doubt this was a scary “message” that no system is truly secure, and that even some of the most secure systems in the world can be breached using relatively unsophisticated methods.
Rather than dwelling upon the obvious (that this is truly one of the scariest scenarios we have seen since the Sony Pictures wiperware attack), we want to focus on what companies, banks, and financial institutions should be thinking about in order to avoid such an attack. Here are a few things that we can take away and implement as a result of really thinking about the SWIFT attacks:
- Don’t Click on Unknown Links or Attachments: We’ve talked about the problem of spear-phishing many times in other articles. We won’t talk about it much here except to say that despite 3 years of advisories and 3 years of thinking about the problem, we have made little if any progress defeating this attack vector. According to PhishMe, an anti-spear phishing training and intelligence company, the amount of spear-phishing in the first quarter of 2016 increased to 6.9 million, up 789 percent. What can you do to lessen the risk of spear-phishing attacks against your employees, officers and directors? Conduct employee awareness programs geared not only at employees in general, but also at specific departments in your company (e.g., your finance department or your IT department). As PhishMe will tell you, training works. Also, at no great cost, companies can add sophisticated email filters to their networks, which can help trap rogue and potentially malicious emails. There is no reason that spear-phishing attacks need to ruin your day, week or month. They can be dealt with. Not perfectly. But the risk can be dealt with.
- Patch Your Network Vulnerabilities as Soon as Practicable: This problem deals with the lack of perfection in software and coding. No one is perfect, and attackers prey on that lack of perfection by finding holes in software and then using these vulnerabilities to attack companies. Some vulnerabilities are so minute that only the most sophisticated attacker could find and exploit them. Every Tuesday (called “Patch Tuesday”) companies come up with patches for “known” vulnerabilities. Some companies are very good at patching their network, some not so much. And the not so good are “low hanging fruit” for attackers. Our advice: identify your most critical systems, identify your most critical software programs, and identify the systems that can literally shut you down if they are breached. Patch those systems swiftly, within 48-72 hours, before an attacker can take advantage of them. For negligible or less important systems, patch them later in the week. But don’t delay in patching what you can as soon as you can. If you are understaffed and undermanned, investigate automated patching solutions.
- Am I Vulnerable? Have I Been Breached? Have I Been Compromised? These are basic questions, and there are basic network assessments that can be done in order to make sure your network is secure, and thus not subject to potential compromise. These assessments are not costly. And they are invaluable.
None of these takeaways are hard. None are very costly. Yet all have the potential to reduce your risk of a cyber attack. Don’t be low hanging fruit. Do what you can to secure your network. Use peacetime wisely. Swiftly lower your risk by taking advantage of these basic features of cybersecurity blocking and tackling. You won’t regret it.