Providing security control assessment services to the worldwide financial network
Our editorial transparency tool uses blockchain technology to permanently log all changes made to official releases after publication. However, this post is not an official release and therefore not tracked. Visit our learn more for more information.
For the financial services industry, making sure information is secure – i.e. confidentiality, integrity, and availability -- is paramount. Verizon teams are working with companies in the industry to make sure this valuable data is protected.
In the early 1970s, organizations were realizing that the world was becoming increasingly digitized. In response, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) was formed. SWIFT provides the network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized and reliable environment. SWIFT is still trusted as the de facto means for secure messaging amongst entities in the industry.
In 2016, several bad actors succeeded in perpetrating a large-scale bank breach where tens of millions of dollars were transmitted to an unauthorized account using the SWIFT network. One major finding during the following investigation revealed SWIFT users needed guidance on how to secure their own environments which connect to the SWIFT network. As a result, SWIFT created a cybersecurity framework containing both mandatory and advisory security controls. In addition, SWIFT mandated that all SWIFT users attest annually their compliance with the framework.
In 2019, SWIFT provided additional requirements, mandating that SWIFT users demonstrate that the validation of their compliance with this new cybersecurity framework was performed by an independent entity, either internally (such as second- or third-tier audit or risk group) or externally using a qualified cybersecurity auditing organization. All SWIFT users must self-attest by December 31 of each calendar year.
Verizon has a long history of providing a similar set of services to the Payment Card Industry (PCI) community and is well-positioned to help organizations meet this need. Working with a trusted industry partner enables an organization’s internal teams to focus on their day-to-day activities. Further, as an independent reviewer, Verizon teams are able to provide a fresh set of eyes and can often identify potential vulnerabilities or key areas where improvements are needed. The team’s experience in auditing and compliance assessment provides valuable insight, looking at the organization objectively and holistically.
For related media inquiries, please contact firstname.lastname@example.org