New Framework for SWIFT => RIFFLE?
Over 11,000 banks must introduce a new framework structure that can only be introduced because of transparency ... The framework is not all about security.
SWIFT, the international banking communications agreement that has been plagued by a series of cyber attacks including the hijacking of the Bank of Bangladesh in 2016, has applied a new security framework from January 1. Now, more than 11,000 SWIFT member banks operating in 200 countries must comply with this framework or pay for it.
Usually, it is common for organizations to lag time when applying industry regulations or frameworks because they believe that hackers are going to escape, and then the accident happens, the damage is reported as the damage, and the fine should be payed to the regulatory agency. However, SWIFT said "We cannot help but introduce this framework because it is transparent among its members."
SWIFT member banks must now adopt 16 security controls. This includes well-known security devices such as multiple authentication and continuous monitoring. Stephen Grossman, vice president of Bay Dynamics, says "The introduction is not too burdensome, but it cannot be said to be very secure." I cannot say that I did not do it because I did not know it as a bank, but it is interpreted as meaning that it is not enough to put the future trust of the financial industry into this framework.
11 other recommendations are also included in this framework. It does not have to be introduced as a requirement, but it is a good thing. There are vulnerability scannings and there are opinions that these should also be included as mandatory ones. Grossman is one of them. "The framework is also undergoing a revision process," he says. "It would be a pressing need for the next version to turn these 11 recommendations into mandatory ones."
Meanwhile, SWIFT emphasized that "the adoption of this framework does not mean that it has all the security measures." "The framework, which started on January 1, is the most basic thing, not security. Keeping only the SWIFT security framework cannot guarantee security, and you will need to provide extra security for each bank. "
Does it mean that it's time to move to the next round to RIFFLE?