SWIFT Security Training (Special for Banking Sector)

Description

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, is a system that provides an electronic fund transfer standard between banks all over the world. SWIFT started to be actively studied and used in 1977 and is still actively used today. The system identifies each bank through its BIC (Bank Identifier Code).

We can define SWIFT as the system used by banks for money transfers between countries. The transfer orders prepared at the banks are transmitted to the relevant center as SWIFT messages, and after a series of verification procedures, the money transfer takes place.

In recent years, international attacks targeting SWIFT transfers have led to some significant reputational damage and high financial losses. Many important banks in Turkey and internationally have fallen victim to these attacks.

SWIFT has released a comprehensive Customer Security Program (CSP) targeting the security of users to prevent these attacks, which are becoming more frequent and causing significant damage.

The SWIFT Customer Security Program is a security program created by SWIFT to detect and prevent fraudulent activity.

With this training, you will learn the SWIFT Customer Security Controls Framework (CSCF), that is, the mandatory and advisory security controls for SWIFT users, and all the detailed content on virtual security in the banking sector.

About the Training

Training Objectives

  • Learn all controls, definitions and containers established in accordance with current information security industry standards,
  • Physically protect the environment / secure your environment,
  • Reduce the attack surface and vulnerabilities,
  • Learn about restriction of Internet access and network segmentation,
  • Prevent breaches of username and password information,
  • Manage user authorizations,
  • Detect abnormal activity in systems or transaction logs,
  • Organize an incident response plan and information sharing,
  • Learn how to configure existing security features to be compliant with the latest CSCF.

 

Training Content

  • SWIFT PAYMENT SYSTEMS WORKING PRINCIPLES

General definitions of payment systems

EFT infrastructure, working logic and possible security vulnerabilities

SWIFT infrastructure, operational logic and potential security vulnerabilities

Alternative payment systems and the future

Blockchain

Bitcoin, the digital currency and its uses

Vulnerabilities and exploitation methods of Bitcoin and similar currencies

  • RESTRICTION OF INTERNET ACCESS TO CRITICAL SYSTEMS OR SEPARATION FROM OTHER SYSTEMS

Isolating the SWIFT System from Other Systems

Controlled Account Usage

  • TYPES OF CYBER-ATTACKS AGAINST PAYMENT SYSTEMS AND SWIFT SYSTEMS

Unauthorized SWIFT transactions via VPN scenario

Unauthorized SWIFT transactions via APT attacks against the end user

Unauthorized SWIFT transactions by exploiting server-based vulnerabilities

A sample cyber attack scenario against SWIFT Infrastructure (Hands-on)

Examples of advanced malware targeting payment systems (Odinaff, Carbanak)

Analysis of Odinaff and Carbanak malware

Penetration testing steps for SWIFT Systems

How to detect cyber attacks on the SWIFT system?

  • CONTROL OF THE ATTACK SURFACE AND VULNERABILITIES

Internal Network Data Flow Security

Updates

System Hardening

  • PHYSICAL SECURITY
  • USER ACCOUNT SECURITY

Password Policies

Multi-Factor Login Verifications

  • USER ACCOUNT MANAGEMENT

Account Management

Token Management

  • ABNORMAL SYSTEM ACTIVITY MONITORING

Malware Protection

Software Integrity

Database Integrity

Log Mechanism and Management

  • INCIDENT RESPONSE AND INFORMATION SHARING

Cyber Incident Response Planning

  • CYBER SECURITY AND AWARENESS TRAININGS
  • CONSULTANT SAFETY CHECKS
  • CONTROLLING THE ATTACK SURFACE AND VULNERABILITIES

Back Office Data Flow Security

External Transmission Data Protection

User Session Integrity

Vulnerability Scanning

Non-System Critical Activities

  • USER ACCOUNT MANAGEMENT

Personnel Review Process

Physical and Logical Password Storage

  • ABNORMAL SYSTEM ACTIVITY MONITORING

Attack Detection

  • INCIDENT RESPONSE AND INFORMATION SHARING

Penetration Tests

Scenario and Risk Analysis

  • CREATING A SECURE SWIFT INFRASTRUCTURE

Developing secure SWIFT infrastructure SIEM correlation rules

Security hardening recommendations for SWIFT infrastructure and software (KB 5020786)

Isolation of SWIFT infrastructure from other networks

Intrusion and anomaly detection system deployment for a network of SWIFT systems

Security hardening of operating systems on which SWIFT software is installed

Control of authorized accounts

Decoupling SWIFT systems included in the domain environment

Tightening the communication traffic of SWIFT systems through the firewall

Sample SIEM correlation rules against potential SWIFT security exploit events

Security review of SWIFT software used in Turkey and recommendations

  • BANKING PAYMENT SYSTEMS AND SWIFT SECURITY IN TURKEY

Examples of cyber attacks targeting banking infrastructure and payment systems

Case Studies (Central Bank of Russia, Bangladesh Central Bank and Vietnam TP Bank)

SWIFT attacks targeting Turkey

Banks whose licenses were revoked after the cyber attack

Cyber attacks targeting the Turkish banking sector in 2016

Who Should Receive the Training?

  • All employees working in the banking sector, in particular technical and administrative staff,
  • Security experts.

Requirements

  • This is a special training for the banking sector. It has no prerequisites.

Plan this training institutionally!

This training can be planned with a duration and content specific to your organization. Please contact us for detailed content and planning to meet your training objectives.

Additional information

Location

Online

Capacity

20

Instructor

Academy Club