No room for the weak says Swift CEO
Leibbrandt warns vulnerable banks on cybersecurity
You are the weakest link. Goodbye. Banks with inadequate cyber defences could find themselves booted off Swift’s payment network, warns Swift CEO Gottfried Leibbrandt.
The threat from Leibbrandt follows a spate of hacks. Investigators are looking at more potential computer breaches following three attacks – a $101 million cyber heist in Bangladesh – the biggest cyber heist in history; Vietnam’s Tien Phong Bank stopping an attempted wire fraud; and Ecuador’s Banco del Austro losing around $9 million.
In an interview with the Financial Times, Leibbrandt says: “The days when you needed to break into a bank and carry guns and blow torches are over.”
He adds: “You can now rob a bank from just your own PC and that does change the game completely.”
Swift unveiled a five-part plan to reinforce security across its network after the incidents, but the latest fighting talk from Leibbrandt shows Swift wants more to be done.
In the interview, Swift wants better cyber security from the 11,000 banks on the system.
“We could say that if the immediate security around Swift is not in order we could cut you off, you shouldn’t be on the network,” Leibbrandt says.
“There are pros and cons to that. The pros are that it provides clarity that if you are on the Swift network you need minimum standards,” he says. “I think the con is if you do it too heavy handed you could drive people to unsafe channels.”
Leibbrandt says Swift is talking to financial regulators — including the Bank for International Settlements and the Financial Stability Board — about “making its security requirements part of their global supervisory standards”.
He says: “Maybe some banks say if you comply only with the lowest standards we can’t do business with you or we can do business with you but we have to put in additional controls.”
It is unusual for Swift to exclude banks from its network, but not unprecedented. For non-hacking reasons, it was forced to exclude some Iranian banks because of European sanctions in 2012. They were reconnected to Swift’s payments system this year.
Nobody knows the conclusion of the Swift hacking saga yet, but Leibbrandt says: “I think the ultimate list of actual breaches, at least to date, will turn out to be lower than ten.”
“I don’t think you can ever stop this from happening entirely. There will be more attempts and some of them will be more successful. But by managing all these layers of defence you can make it into a manageable nuisance rather than a life-threatening situation.”
