THANK YOU FOR SUBSCRIBING
By Guy Sheppard, Head of Financial Crime Compliance, APAC, SWIFT
Cyber and financial crime are traditionally seen as separate disciplines requiring distinctive preventive and management measures. With the emergence of new challenges and more sophisticated cybersecurity breaches in recent years, the two functions have started converging. Financial crime risks today originate from a number of new sources, including vulnerabilities stemming from digitization and automation, integration of financial systems within countries and internationally, and also a substantial growth in digital trade transactions.Cybercriminals are well-organized and the most active groups observed in SWIFT member bank hacks are focusing on asset theft and demonstrating, with increased frequency, an excellent knowledge of the SWIFT system. They are patient, and the average reconnaissance period exceeds 100 days. They are also evolving and counter updating InfoSec protocols by gaining security accesses to circumvent multi-factor authentication, or crashing the system entirely to disrupt fund recovery exercises, as well as increasingly launching their attacks in plain sight during peak periods as opposed to out-of-hours as they used to do. In some instances, they are collaborating with traditional enemies of bank financial crime teams, such as organized criminal gangs, to assist in cash-outs. This may explain why threat actors like Bluenoroff, a financial systems specialist division of the now infamous Lazarus group, appear to have preferences for the profile and geographical location of the victim banks. In some cases, the same bank has been hacked multiple times. For this reason, institutions are finding that the existing approaches for addressing cyber and financial crime are not sufficient when employed in silos. Collaboration across both fields becomes necessary for organizations to become more efficient and effective at understanding and managing this very dynamic and new type of risk.