Did you know that more than 11,000 banks and financial institutions worldwide rely on SWIFT – the Society for Worldwide Interbank Financial Telecommunications – to move “value” around the globe every day?
Founded in 1973, the Belgian-based member-owned cooperative does not actually transfer money or funds from one place to another. Instead, SWIFT relays and sends messages requesting payments between institutions, each with a unique ID code, in different countries.
As you might expect with an organization as expansive and far-reaching as SWIFT (i.e., 34 million transactions daily), there are fraudsters looking for ways to exploit the system with everything from cybercrime to money laundering. To stay one step ahead of the bad guys and keep up with an increase in fraudulent attacks on its network, SWIFT instituted a Customer Security Program (CSP) designed to detect and prevent fraudulent activity through a set of mandatory and transparent security controls, community-wide information sharing initiatives, and other security features. Within CSP, SWIFT’s Customer Security Controls Framework (CSCF) is composed of mandatory and advisory security controls for its users and their local SWIFT infrastructure.
Any organization that uses SWIFT’s interbank messaging network must comply with these new cybersecurity standards. Navigating these controls, all of which are updated on a regular basis, can be a challenge for even the most compliance-focused organization. That’s where Fortalice comes in…
WHAT FORTALICE CAN DO FOR YOU
CSP and CSCF are mandatory controls, representing the security baseline for a bank or financial institution. SWIFT also requires its users to regularly complete an Independent Assessment Framework, also known as a self-attestation, which is much like a review from the National Institute of Standards and Technology (NIST).
Fortalice’s Risk and Compliance team stands ready to help your organization navigate the critically important array of SWIFT-related controls and requirements. Understanding that no two organizations are exactly alike, our team will tailor your SWIFT compliance and regulatory requirements review to best meet your organization’s needs and objectives.
With years of experience supporting cybersecurity assessments, Fortalice will lead a thorough Community-Standard Assessment (CSP) to further enhance the accuracy of your attestations. With Fortalice guiding your every step along the way, we will provide you, your C-Suite, and key stakeholders the confidence, clarity, and compliance needed to ensure your organization's cyber security posture remains strong.
As an approved SWIFT Assessment Provider, Fortalice will help you validate alignment of controls with the SWIFT CSP guidelines and work alongside your internal audit team. Our extensive SWIFT CSP expertise will ensure all your requirements are met ahead of SWIFT’s required independent assessment.
For additional information on SWIFT assessments or any of our other service offerings, contact the team via email at firstname.lastname@example.org.
Silicon Valley Bank (SVB) was shuttered early this month and had its deposits seized in the largest U.S. bank failure since the 2008 financial crisis. Although it may seem like SVB’s collapse will only impact its direct customers and depositors, it is far more complicated. Like vultures to roadkill, cyber scammers often wait to exploit and target victims after tragedy strikes, or bad news arises. A perfect storm of stress, uncertainty, and urgency for customers and vendors alike during this time can impair someone’s judgement when they click links and open emails they otherwise would ignore or delete. Fortalice has outlined a few different ways cybercriminals social engineer their victims during times of extreme distress and insecurity.
With this Fortalice Solutions' Client Advisory, we hope to provide important takeaways for organizations regarding the usage of conversational ChatGPT, and other, lesser-known AI platforms. While there are some very tangible benefits to ChatGPT, Fortalice believes strongly that there is a need for risk assessments, updated policies, and processes to protect intellectual property and company-sensitive information.