Strengthening your fraud and cyber-crime protection controls. March 2017

Similar documents
Customer Security Programme (CSP)

SWIFT Customer Security Programme

CYBER CAMPUS KPMG BUSINESS SCHOOL THE CYBER SCHOOL FOR THE REAL WORLD. The Business School for the Real World

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

Security Hygiene. Be in a defensible position. Be cyber resilient. November 8 th, 2017

External Supplier Control Obligations. Cyber Security

The GDPR Are you ready?

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Cyber security and awareness for non-financial services. 24/25 May 2017

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Cyber Security. It s not just about technology. May 2017

SWIFT Response to the Committee on Payments and Market Infrastructures discussion note:

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Information Security Controls Policy

SFC strengthens internet trading regulatory controls

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

CYBER RESILIENCE & INCIDENT RESPONSE

HOW SAFE IS YOUR DATA? Micho Schumann, KPMG, Cayman Islands

Digital Health Cyber Security Centre

SWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ

Physical security advisory services Securing your organisation s future

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Cyber Security Program

Security Awareness Training Courses

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd

How to avoid storms in the cloud. The Australian experience and global trends

CYBER SECURITY AND THE PENSIONS INDUSTRY Karen Tasker 1 February 2018

Cyber Security. Building and assuring defence in depth

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

Cyber Security Technologies

SOC for cybersecurity

Cyber Security Incident Response Fighting Fire with Fire

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Cybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m.

the SWIFT Customer Security

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

NYDFS Cybersecurity Regulations

Testers vs Writers: Pen tests Quality in Assurance Projects. 10 November Defcamp7

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Cybersecurity The Evolving Landscape

Cyber Security Issues and Responses. Andrew Rogoyski Head of Cyber Security Services CGI UK

Cybersecurity. Securely enabling transformation and change

Global Security Consulting Services, compliancy and risk asessment services

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

How Secure is Blockchain? June 6 th, 2017

Sage Data Security Services Directory

Data Sheet The PCI DSS

Cyber fraud and its impact on the NHS: How organisations can manage the risk

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

Secure Access & SWIFT Customer Security Controls Framework

SECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives

Business Resilience & Incident Response Are You Ready?

Birmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

NY State s Cybersecurity Legislation Requirements for Risk Management, Security of Applications, and the Appointed CISO

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Cyber Risks in the Boardroom Conference

Texas Department of Banking United States Secret Service January 25, 2012

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Governance Ideas Exchange

The University of Queensland

Combating Cyber Risk in the Supply Chain

Cyber Crime Seminar 8 December 2015

Turning Risk into Advantage

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

HCL GRC IT AUDIT & ASSURANCE SERVICES

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Cybersecurity and Nonprofit

Effective Cyber Incident Response in Insurance Companies

Protecting information across government

Defensible Security DefSec 101

DIGITAL TRUST Making digital work by making digital secure

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

CISO as Change Agent: Getting to Yes

Contact us What makes us different Dinesh Anand Our offices Forensic Bangalore Kolkata Cutting-edge technology to deliver more efficiently Services

Cyber Security Strategy

A new approach to Cyber Security

Keys to a more secure data environment

Security by Default: Enabling Transformation Through Cyber Resilience

Headline Verdana Bold

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

Cybersecurity and the Board of Directors

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

Qualification Specification. Level 2 Award in Cyber Security Awareness For Business

Cybersecurity Session IIA Conference 2018

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool. Cyber Security 3.0 Better Together August 18, 2017

CONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

Maintaining Trust: Visa Inc. Payment Security Strategy

BHConsulting. Your trusted cybersecurity partner

Cyber Fraud What can you do about it?

CYBER SOLUTIONS & THREAT INTELLIGENCE

Transcription:

Strengthening your fraud and cyber-crime protection controls March 2017

Audience question: What is your role within your institution? a) Payment operations / cash management / treasury services b) Compliance c) IT / Technology d) Security / information security e) Other 2

Speakers Name Position Relevant experience David Ferbrache Technical Director Cyber Security, KPMG UK David has over 25 years experience of all aspects of cyber defence dealing with the most sophisticated and disruptive cyber attacks, and the is the lead for Cyber Defence Services in the UK Previously Head of Cyber and Space for the Ministry of Defence in the UK. Defending MOD against high end cyber threats, leading cyber policy for MOD and international relations on cyber issues, sponsor for the Defence Cyber Security Programme. MOD lead on Central Government cyber contingency planning and exercises Extensive experience of threat scenario development and cyber risk assessment, including previous end-end security assessments for UBS, and for over a dozen financial institutions in the UK and Switzerland Board and executive committee engagement on cyber security issues, including design and delivery of senior cyber wargaming and exercising of diverse cyber attack scenarios Name Position Relevant experience Bedria Bedri (Bia) Partner, Cyber Security, KPMG UK Bia is an experienced consultant with 20 years industry knowledge, leading large-scale complex transformation and change programmes to enable clients to effectively manage emerging cyber threats, risk and regulatory expectations whilst delivering business objectives, innovation and growth. As a Partner, Bia s focus has been developing client relationships in the market with a very strong network of organisations at senior levels who trust Bia as an advisor and delivery lead. Bia s clients include leading global banks, where consistent high quality, leadership and partnership with clients has been key to a successful track record in delivering clients multi-million pound programmes, managing large teams of 50+ in multiple geographies including client teams and third party suppliers. Bia has excellent communication skills and is well traveled with advisory experience gained in the UK, EMA, ASPAC, and the Americas. Bia publishes in the UK and global media as a thought leader in cyber security space and has links into business and academia such as Royal Holloway, University of London. 3

Speakers Name Position Relevant experience Dr. Tony Wicks Head of AML and Fraud Prevention Initiatives For over 20 years, Tony has worked with leading financial institutions to provide technology solutions for regulation, compliance and fraud detection. Tony is currently working as part of the SWIFT Customer Security Programme, heading up Your Counterparts focus area. Working in Financial Crime Compliance at SWIFT, Tony is creating utility based solutions to help institutions meet their financial crime compliance obligations. These solutions help institutions maintain AML and sanctions compliance, manage regulatory risk, prevent fraud, and ensure effectiveness and increase efficiency. Tony holds a PhD in Signal Processing from the University of Warwick. 4

Audience question: What do you think are the greatest areas of weakness to cyber-threats? (pick three) a) Human factors b) Email compromise c) Infra-structure and connectivity d) Computing environment e) Physical security controls 5

Cyber Security Risks to SWIFT Members

Ruthless and Rational Entrepreneurs 2016 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 7 Document Classification: KPMG Confidential

Ruthless and Rational Entrepreneurs 2016 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 8 Document Classification: KPMG Confidential

Ruthless and Rational Entrepreneurs 2016 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 9 Document Classification: KPMG Confidential

Funds Transfer Attacks January 29 February 5 February 9 March 15 Attackers install SysMon on bank server for internal system level reconnaissance No overnight printouts received by bank staff. Another fraudulent account opened up at Rizal Bank. Branch manager at Rizal Bank approves withdrawals for $81m under confirmed threat Bangladesh Central Bank Governor resigns May 2015 Jan 2016 Feb Mar Apr May May Attackers open multiple fraudulent accounts at Rizal Bank Philippines for stolen funds. From this point on hackers likely did reconnaissance to identify targets to gain access and then penetrate the banking system. February 4 35 payment requests against Bangladesh Central Bank totalling $951m February 6 February 8 Manual printouts from server reveal suspicious activity. Stop payment orders issued against transactions from February 4th February 11 Government anti-money laundering agency started investigation April 25 Discovery of potential malware used the bank heist. February 2016 - Bank of Bangladesh June 2016 Ukrainian Bank attacked October 2016 Multiple countries Possible links to Carbanak Russia 2016 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 10 Document Classification: KPMG Confidential

Audience question: What measures are most effective in dealing with insider frauds and cyber threats? a) Staff training and awareness b) Employee vetting c) Enhanced IT security / logging and control d) Penetration testing e) Fraud detection tools 11

Security Good Practice Basic Hygiene Protecting the Environment Protecting the Business Detection, Response & Recovery Policy & Standards (defined and consistently applied) Network Security & Architecture (internal, external, perimeter, segmentation, content / malware scan) Infrastructure Maintenance (unsupported s/w, patching, configuration) Access Management (roles, SoD, joiner, mover, leaver, privileged) Physical Access (social engineering, 3 rd party, unauthorised devices, removable media Education & Awareness (awareness of threats, risks, policies, remote/home working, incident reporting) Business Access Management (business roles, JML and periodic Certification) Organisational Culture (employees are the first line of defence, malware, phishing) Security Monitoring (continuous policy monitoring, critical events, threat intel) Log & Intelligence Analysis (unusual events or anomalies indicating suspicious trends or attacks) Response (planning, analysis, containment, mitigation) Recovery (planning, capability, communication) Continuous Improvement (ongoing improvement) People Processes Technology Information & Cyber Security Frameworks ISO 27001 Information Security NIST Cyber Security Framework CESG 10 Steps to Cyber Security Cyber Essentials Certification Scheme ISO 27032 Cyber Space PCI-DSS / Swift / other 2016 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 12 Document Classification: KPMG Confidential

Bia Bedri Partner, Cyber Security Tel: +44 (0) 207 311 5278 bedria.bedri@kpmg.co.uk David Ferbrache Technical Director, Cyber Security Tel: +44 (0)7545 124116 david.ferbrache@kpmg.co.uk kpmg.com/uk The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. For full details of our professional regulation please refer to Regulatory Information at www.kpmg.com/uk The KPMG name and logo are registered trademarks or trademarks of KPMG International. Create KGS: CRT066073A Document Classification: KPMG Confidential

Audience question: What measures do you already apply in your business to address cyber-threats? (tick all that apply) a) Two-factor authentication b) Maker checker (four-eyes) review c) Anti-virus d) Payments reconciliation e) Fraud detection 14

SWIFT Customer Security Programme Your Counterparts Prevent and Detect Tony Wicks

Customer Security Programme Modus Operandi Common starting point has been a security breach in a customer s local environment Step 1 Step 2 Attackers Attackers compromise obtain valid Step 3 Attackers submit Step 4 Attackers hide In all cases, the SWIFT s network and core messaging services have not been compromised customer's environment operator credentials fraudulent messages the evidence Attackers are wellorganised and sophisticated 16

Audience question: Are you planning to re-evaluate your security controls? a) Within the next 3 months b) 3 6 months c) Within a year d) Within the next 3 years e) We do not plan to do any re-evaluation 17

SWIFT Customer Security Programme (CSP) Framework Customer Security Programme While all SWIFT customers are individually responsible for the security of their own environments, a concerted, industry-wide effort is required to strengthen end-point security On May 27th 2016 SWIFT announced its Customer Security Programme (CSP) that supports customers in reinforcing the security of their SWIFT-related infrastructure CSP focuses on mutually reinforcing strategic initiatives, and related enablers 18

CSP Your Counterparts Your Counterparts Prevent and Detect 1. Clean-up your RMA relationships 2. Engage with us on market practice 3. Put in place fraud detection measures 19

CSP Relationship Management Application (RMA) RMA and RMA plus Poor management of RMAs creates potential security risks Wolfsberg guidance means banks are under greater regulatory pressure to control RMAs Only 40% of RMA relationships are actively used Unilateral RMA revocation is now easy and is confirmed within 15 minutes RMA and RMA Plus: managing your correspondent connections info-paper provides details on best practice 20

CSP Market Practice Getting the basics right is the first defence against cybercrime What should you do? 1. Encourage the use of confirmations for all payments (MT900 / MT910) 2. Check that confirmations and statements (MT940 / MT950) are as expected 3. Avoid using free format messages to change payment instructions 4. Know how to respond in the event of fraud - use the FRAD code when sending cancellation messages 5. Report any incidents to SWIFT Support https://www.swift.com/myswift/customer-security-programme-csp_/document-centre 21

CSP Daily Validation Reports A simple, secure way to validate your SWIFT transaction activity and understand your payment risks Validates Back-office with Detects Incident response with Secures Data protection 22

CSP Daily Validation Reports Activity Reporting reports aggregate daily activity by message type, currency, country and counterparties with daily volume and value totals, maximum value of single transactions and comparisons to daily volume and value averages Risk Reporting - highlights large or unusual message flows based on ordered lists for largest single transactions and largest aggregate transactions for counterparties, and a report on new combinations of counterparties to identify new relationships New Counterparties Reporting - highlights any new combinations of direct and indirect counterparties. Makes it easy to identify new payment relationships that may be indicative of risk, and helps you quickly understand the values and volumes of the transactions involved 23

CSP Daily Validation Reports Addressing the threat 1 Validates activity 11 fraudulent payments totalling $150M Bank X Highlights unusual payments 10 fraudulent payments totalling $100M 2 My Bank Bank A Bank B Bank Y 1 fraudulent payment of $50M Identifies new counterparties 3

Q&A 25

www.swift.com Power Point template - You can edit footer content by going into 'Insert' tab > 'Header & Footer' 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback