UK Banks Face Cyber Security Stress Test - Operation Resilient Shield

 

The City of London financial institutions' CIO's will soon be feeling the heat as the Bank of England rolls out it's new war-game to test the cyber-resilience of the UK's financial sector.

Banks will be subjected to a series of ‘attacks', designed to spot weaknesses in their network. Any holes found in the defences of the UK's finance industry will be rigorously prodded.

The operation, called Resilient Shield, will be coordinated by the UK's Computer Emergency Response Team, CERT - UK, the team devoted to managing major cyber-security incidents in the UK. The tests will also include US banks and test the communication between governments and  financial institutions.

Obviously, financial institutions are large, desirable targets for cyber-criminals, hacktivists and spies alike. In few places is that more the case than the UK, one of the world's centres of finance.  Some 90 percent of large UK companies reported a breach last year and cyber-criminals are increasingly targeting UK banks and customers.
Sir David Omand, the former director of GCHQ, told senior finance officials in July that their businesses are at major risk of becoming the victim of a geopolitical cyber-attack. Mark Carney, the governor of the Bank of England also warned the finance sector earlier this year of cyber-crime being a major threat to the City's financial stability.

Richard Brown, director of channels and alliances for Arbor Networks agrees. He told SCMagazineUK.com that “The financial services industry is a critical part of the UK economy and has always been a lucrative target for attackers because of the sheer value of the data held within it – after cloud and hosting providers, financial services are the most common target for DDoS attacks”

The post-game report for Operation Waking Shark II, this new operation's antecedent in spirit if not in name,  stated that, “The lessons learned will not only influence the finance sector's preparedness for a real-life cyber-event, but also serve as an example of how other sectors in the UK's finance industry can test their own capabilities in the future.” But has it really influenced their preparedness? Several reports have shown the cyber-security in the UK's banks is not yet up to scratch or in line with the threats that those institutions regularly face. Several high profile cyber-heists in the last year, have not helped that image.

The software company, Fujitsu, recently released a report with some interesting findings on the UK's financial sector. SC spoke to Rob Norris, UK director of enterprise and cyber-security at Fujitsu. He said that the financial services sector often operates with legacy systems that have been outdated but it's also a sector where the speed and complexity of innovation, like mobile and online banking, is hard to keep up with from a cyber-security point of view.  “CIOs in the banking industry are facing an unenviable challenge” says Norris, but, ”what is paramount is that the industry does not overlook or get complacent about security or place it in the “too big to fix” category. As the number of threats continue to increase exponentially – can the industry afford for it not to be the number one priority?”

Where Waking Shark II and previous industry tests like it have dealt with information sharing and coordination in the wake of a cyber-attack on a state level, the inclusion of US institutions means that Resilient Shield will widen the scope to include transatlantic coordination too. 
SC Magazine: http://bit.ly/1H1Njxo

 

 

« Where Next? Paris Attacks Show Mumbai Strikes Are Global Blueprint
Internet of Things will drive the Digital Revolution of Industry »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Mitol PerfectBackup

Mitol PerfectBackup

Mitol PerfectBackup provide Enterprise Online Backup, Disaster Recovery and Cloud Computing Services.

Clavister

Clavister

Clavister is a network security vendor delivering a full range of network security solutions for both physical and virtualized environments.

Picasso

Picasso

The Picasso project is focused on ICT Policy, Research and Innovation for a Smart Society: towards new avenues in EU-US ICT collaboration.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

SEWORKS

SEWORKS

SEWORKS provides offensive and defensive app security that ensures mobile and web apps are safe from dangerous hacking threats.

WeSecureApp (WSA)

WeSecureApp (WSA)

WeSecureApp is specialized in providing Cyber Security Solutions to safeguard your applications and networks.

JobStreet.com

JobStreet.com

JobStreet is one of Asia’s leading online employment marketplaces in Malaysia, Philippines, Singapore, Indonesia and Vietnam.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

Prevasio

Prevasio

Prevasio is a next-gen Cloud Security Posture Management (CSPM) with a built-in Vulnerability and Anti-Malware Scan for Containers.

LGMS - LE Global Services

LGMS - LE Global Services

LGMS is a leading cyber security penetration testing and assessment firm in the Asia Pacific region.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud platform, offering fully featured services from data centers globally.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.

AuthX

AuthX

AuthX provides secure and seamless log-in capabilities through strong authentication and integrations.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.