As a bank customer, I congratulate you on decades of smooth, high-quality service. However, as a global body whose mission is to deliver funds between banks safely, the last few months have been, with respect, challenging.
Recent incidents in Bangladesh and elsewhere have damaged your credentials immensely. Your initial defence, that the breaches were largely the banks’ responsibilities, was quite remarkable. We’ve all thoroughly understood that the strength of the network is no greater than the strength of the weakest link. We just wish you had understood that before the rest of us.
The worse news is that this was almost entirely avoidable with the right controls in place. IT security and the underlying software quality are interlinked. If you took a closer look at the network beyond your walls, yet still within your grasp, you would have seen that something was not quite right.
It is now clear to all that your responsibility includes the means required to access your network. This is where you need to be taking an active role. We realise it’s going to be a lot of work to raise the lowest common denominator in your network. Here are some quite straightforward steps we would like to humbly submit to your consideration:
1. Scan your core systems once more for structural coding issues. The issues you recently faced should actually help focus this work. Use CAST, or one of its many professional services partners, to deliver this on time and to budget.
2. Review the software you recommend to banks in your network and ensure it complies with independent code quality standards, such as those endorsed by CISQ.
3. Regularly audit all bank-side software that in any way connects to the SWIFT network to ensure it complies with CISQ standards.
4. Withdraw SWIFT support temporarily for those who fail to continuously improve the structural reliability and security of their systems.
5. Name and shame those who repeatedly fail on this. Confidence will accrue to those you can objectively measure are improving their code quality.
With alternative payment methods abounding, now is the best time for SWIFT to show its true leadership and regain the trust of the world’s banks and their customers. Without that trust, there could be further tough times ahead. With full confidence in the robustness and security of the systems you support, you (and the rest of us) can look forward to many more decades of high-quality service.
Regards from an optimistic realist,
Lev Lesokhin
Executive Vice President of Strategy and Analytics
CAST