Rakesh Asthana, Managing Director & CEO
The recent cyber heist at the Central Bank of Bangladesh has culminated into one of the largest cyber-crimes in history, after approximately 101 million dollars was stolen by hackers. The hackers took advantage of a vulnerability found in the SWIFT Payment Systems that allowed them to send fake payment orders. The Central Bank of Bangladesh engaged World Informatix Cyber Security (WICS), pioneers of SWIFT Payment System Protection, to lead the incident response, forensic investigation and a remediation plan. “We are working closely with SWIFT, as part of their Customer Security Program, to provide assurance services for SWIFT Payment Systems at customer sites,” says Rakesh Asthana, Managing Director and CEO at WICS. “We have built a proprietary ‘SWIFT Payment System Assurance’ framework based on SWIFT’s security guidelines, lessons learned from the attack on Central Bank of Bangladesh, and additional industry metrics to strengthen our customers’ cyber security posture.”
Management of the incident response and investigation by WICS is regarded as best practice for major cyber security incidents with worldwide media exposure and extreme complexity involving multiple country jurisdictions. The WICS approach and methodology for the SWIFT Payment System Assurance Review includes using manual and automated testing, leveraging their own intellectual property which is a proprietary knowledge-product. Key assessment work includes Vulnerability Assessment of SWIFT customers’ IT environments, using automated and manual tests with licensed professional tools to produce a complete picture of possible weaknesses.
With the increasing threat levels within and outside financial institutions, information security has gained universal importance. WICS offers assurance services for preventing cyber-attacks on Payment Systems, such as the ‘SWIFT Payment System Assurance Review’, and include a proprietary WICS checklist which is also applicable to all financial IT environments.
We have built a proprietary ‘SWIFT Payment System Assurance’ framework based on SWIFT’s security guidelines, lessons learned from the attack on Central Bank of Bangladesh, and additional metrics to strengthen our customers cyber security posture
The company also conducts tests to detect the presence of indicators of malware used in SWIFT attacks, with proprietary search tools based on SWIFT malware signatures, behaviors and binary strings. WICS search tools are unique because the Central Bank of Bangladesh has not yet made the malware samples public.
World Informatix Cyber Security is developing skill sets and innovative proprietary tools at their Cyber Security lab to thwart the biggest threats facing the global financial system and the 11,000 customers of SWIFT. Our team has extensive and in depth professional experience which is deployed for every customer engagement.
The company has invested in training and certifying all their engineers on SWIFT customer security programs. Coupled with the ISO 9001-2008 certification for quality and vulnerability management, WICS is a key challenger to the top tier security organizations in this field. The company has recently conducted two additional SWIFT Payment Systems Assurance reviews at United Nations agencies to help them strengthen security gaps. Furthermore, they have been approached by several central banks and large U.S. Financial Market Infrastructure organizations to conduct Payment Systems Assurance Reviews. “WICS is growing at an exponential rate to fill a niche in the financial cyber security market. We will continue to nurture talent and build upon our proprietary tools to ensure the best services possible to our clients,” concludes Asthana.