UK Banks Face Cyber Security Stress Test - Operation Resilient Shield

Uploaded on 2015-11-16 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Resilience

 

The City of London financial institutions' CIO's will soon be feeling the heat as the Bank of England rolls out it's new war-game to test the cyber-resilience of the UK's financial sector.

Banks will be subjected to a series of ‘attacks', designed to spot weaknesses in their network. Any holes found in the defences of the UK's finance industry will be rigorously prodded.

The operation, called Resilient Shield, will be coordinated by the UK's Computer Emergency Response Team, CERT - UK, the team devoted to managing major cyber-security incidents in the UK. The tests will also include US banks and test the communication between governments and  financial institutions.

Obviously, financial institutions are large, desirable targets for cyber-criminals, hacktivists and spies alike. In few places is that more the case than the UK, one of the world's centres of finance.  Some 90 percent of large UK companies reported a breach last year and cyber-criminals are increasingly targeting UK banks and customers.
Sir David Omand, the former director of GCHQ, told senior finance officials in July that their businesses are at major risk of becoming the victim of a geopolitical cyber-attack. Mark Carney, the governor of the Bank of England also warned the finance sector earlier this year of cyber-crime being a major threat to the City's financial stability.

Richard Brown, director of channels and alliances for Arbor Networks agrees. He told SCMagazineUK.com that “The financial services industry is a critical part of the UK economy and has always been a lucrative target for attackers because of the sheer value of the data held within it – after cloud and hosting providers, financial services are the most common target for DDoS attacks”

The post-game report for Operation Waking Shark II, this new operation's antecedent in spirit if not in name,  stated that, “The lessons learned will not only influence the finance sector's preparedness for a real-life cyber-event, but also serve as an example of how other sectors in the UK's finance industry can test their own capabilities in the future.” But has it really influenced their preparedness? Several reports have shown the cyber-security in the UK's banks is not yet up to scratch or in line with the threats that those institutions regularly face. Several high profile cyber-heists in the last year, have not helped that image.

The software company, Fujitsu, recently released a report with some interesting findings on the UK's financial sector. SC spoke to Rob Norris, UK director of enterprise and cyber-security at Fujitsu. He said that the financial services sector often operates with legacy systems that have been outdated but it's also a sector where the speed and complexity of innovation, like mobile and online banking, is hard to keep up with from a cyber-security point of view.  “CIOs in the banking industry are facing an unenviable challenge” says Norris, but, ”what is paramount is that the industry does not overlook or get complacent about security or place it in the “too big to fix” category. As the number of threats continue to increase exponentially – can the industry afford for it not to be the number one priority?”

Where Waking Shark II and previous industry tests like it have dealt with information sharing and coordination in the wake of a cyber-attack on a state level, the inclusion of US institutions means that Resilient Shield will widen the scope to include transatlantic coordination too. 
SC Magazine: http://bit.ly/1H1Njxo

 

 

« Where Next? Paris Attacks Show Mumbai Strikes Are Global Blueprint
Internet of Things will drive the Digital Revolution of Industry »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA) is a non-profit organization dedicated to leading a diversified research agenda in the field of cyber conflict.

Tevora

Tevora

Tevora is a specialized management consultancy focused on cyber security, risk, and compliance services.

BooleBox

BooleBox

Boolebox is the innovative suite of enterprise data protection applications that preserve the integrity and confidentiality of data from any unauthorized access.

Infosistem

Infosistem

Infosistem is a Croatian ICT company with extensive expertise and experience in enterprise and SMB ICT projects and solutions.

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP) is a 501(c)(3) non-profit organization dedicated to promoting cybersecurity awareness and education.

Founder Shield

Founder Shield

Founder Shield is a data driven insurance brokerage focused excusively on rapidly evolving high-growth companies.

Sylint

Sylint

Sylint is an internationally recognized cyber security and digital data forensics firm with extensive experience discretely addressing some of today’s biggest cyber breaches.

Veratad Technologies

Veratad Technologies

Veratad Technologies, LLC is a world class provider of online/real-time Identity Verification, Age Verification, Fraud Prevention and Compliance Solutions.

Cyber Readiness Institute (CRI)

Cyber Readiness Institute (CRI)

At the Cyber Readiness Institute, our mission is simple: empower small and medium-sized enterprises with free tools and resources to help them become more secure and resilient.

In-Q-Tel (IQT)

In-Q-Tel (IQT)

IQT is the non-profit strategic investor that accelerates the development and delivery of cutting-edge technologies to U.S. government agencies that keep our nation safe.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

PixelQA

PixelQA

Are you looking for a security testing company to cross-check whether your software or mobile app has a possible security threat or not?

TeamT5

TeamT5

TeamT5 Inc. is a leading cybersecurity company dedicated to cyber threat research and solutions.

Redapt

Redapt

Redapt is an end-to-end technology solutions provider that brings clarity to a dynamic technical environment.