Hack me once, shame on you. Hack me twice, shame on me.
Shame is exactly what executives at Swift ought to be feeling as the global money-transfer messaging network starts sending out memos to clients informing them of a second cyber attack.
The case is of the same type that enabled hackers to steal $81 million from Bangladesh's central bank in one of the biggest heists of all time, the Financial Times reported, citing a copy of the statement Swift will be distributing on Friday. In the second incident, hackers bypassed risk controls at a commercial bank and potentially transferred money illegally, the newspaper said.
The Society for Worldwide Interbank Financial Telecommunication has said the attack doesn't reflect a flaw in its network and that the ``security and integrity of our messaging services are not in question as a result of the incidents.” That non est mea culpa may enable Swift's management to sleep more easily, but is likely to be small comfort to its 11,000 financial institution customers.
Swift was set up 43 years ago to protect members' financial communications. It bills itself as the ``global provider of secure financial messaging services'' and claims excellence, community and innovation as core values. All three are now under threat as a result of the hacking attacks.
It may well be that the flaw was in a client's systems rather than the Swift infrastructure, yet the fact that the network became the conduit for two heists in quick succession puts the onus back on this member-owned organization to show that it can prevent a repeat.
That means innovating. Quick, clear and specific actions need to be taken to bring Swift into the 21st century. At a Swift conference in Singapore last year, and again in London this week, there was wide acceptance that the industry needs to move toward blockchain, or digital ledger technology. This is the methodology underlying bitcoin and similar crypto-currencies.
“The journey to DLT is not a sprint, it is a marathon,” Swift cited Fabian Vandenreydt, its global head of securities markets, as saying, in a 900-word press release on the London conference. Other industry executives echoed similar sentiments in the statement, published Thursday: Blockchain is the future, we're not there yet, let's wait.
This leisurely timing will be music to the ears of hackers, who are looking at the Bangladesh raid with awe and plotting their own ways to exploit the network's weaknesses. Hackers don't care which part of the system has the flaw, and it's a safe bet they're not moving at a slow jog to exploit it.
Swift needs to pick up the pace and soon, or risk losing its relevance.
This column does not necessarily reflect the opinion of Bloomberg LP and its owners.
To contact the editor responsible for this story:
Matthew Brooker at firstname.lastname@example.org