SWIFT is a global banking messaging system used by thousands of financial institutions around the world to transfer billions of dollars each day. In known cases of attacks, the cause comes down to the local security of the financial institution itself. Weak security controls allow hackers to circumvent the bank’s local security systems, gain access to the messaging network and send fraudulent messages to initiate and modify cash transfers.
All SWIFT users have to attest to their level of compliance with a set of mandatory controls as described in the Customer Security Controls Framework (CSCF). These controls are prioritized to set realistic near-term goals for a noticeable increase in security posture and lower risk. With the release of the Customer Security Controls Framework (CSCF) v2020, SWIFT mandates that attestations be independently assessed by qualified assessors, in accordance with the Community Standard Assessment, to improve the accuracy of the attestations. The independent assessment can be either of the following:
- Internal assessment carried out by the company’s second or third line of defense, such as the user’s internal compliance, internal risk or internal audit departments (independent from the first line of defense function submitting the attestation); or
- External assessment carried out by an independent external organization with cyber security assessment experience and individual assessors who have relevant security industry certification.
As a minimum, the security assessments must cover all mandatory controls in the latest version of the Customer Security Controls Framework (CSCF) which are applicable based on a user’s CSP architecture type and infrastructure. Users that have attested against advisory controls may also include these controls during the evaluation by the assessor.
It is critical to identify a trusted independent cyber security assessor that can assist in validating the controls deployed. LGMS – LE Global Services Sdn Bhd provides CSP assessment support related to the SWIFT CSP Programme, and fulfills the following criteria for cyber security service providers:
i. Deep experience in cyber security services,
ii. Trusted credentials for cyber security services,
iii. Core competencies and focus in providing cyber security services,
iv. Good reputation & commitment to customers in the financial industry
With over 15 years of cyber security industry experience in providing professional and objective cyber security assessments, LGMS is also certified in ISO/IEC 27001 and accredited by CREST, and our cyber security testing methodologies are recognized by TÜV Trust IT.