The Society for Worldwide Interbank Financial Telecommunication (SWIFT) has a history of failing to address security incidents involving clients of the financial messaging company, according to a Reuters report. More a dozen current and former board members and senior employees, including an executive who was SWIFT’s CEO for fifteen years, told Reuters that the company did not consistently oversee or attempt to improve poor security practices of its clients.
Although SWIFT viewed smaller financial institutions as a potential security threat, the company failed to monitor its users’ security procedures or track security incidents, according to the individuals. The messaging platform viewed banking regulators as responsible for overseeing the security practices of smaller banks, former board member Arthur Cousins told Reuters.
The financial messaging service platform is at the center of investigations into cyberattacks against banks and financial institutions internationally. In recent months, SWIFT has enacted a flurry of new measures following additional scrutiny into the messaging system’s security and the practices of its clients.
In June, SWIFT CEO Gottfried Leibbrandt said the organization was considering notifying banks that have demonstrated weak information security that “you shouldn’t be on the network.” Then in July, almost three months after the company discovered that malware had targeted its system in the $81 million cyber heist of the Bangladesh Central Bank, the company announced that it had hired two cybersecurity firms to assist its cybersecurity group.