UK Banks Face Cyber Security Stress Test - Operation Resilient Shield

 

The City of London financial institutions' CIO's will soon be feeling the heat as the Bank of England rolls out it's new war-game to test the cyber-resilience of the UK's financial sector.

Banks will be subjected to a series of ‘attacks', designed to spot weaknesses in their network. Any holes found in the defences of the UK's finance industry will be rigorously prodded.

The operation, called Resilient Shield, will be coordinated by the UK's Computer Emergency Response Team, CERT - UK, the team devoted to managing major cyber-security incidents in the UK. The tests will also include US banks and test the communication between governments and  financial institutions.

Obviously, financial institutions are large, desirable targets for cyber-criminals, hacktivists and spies alike. In few places is that more the case than the UK, one of the world's centres of finance.  Some 90 percent of large UK companies reported a breach last year and cyber-criminals are increasingly targeting UK banks and customers.
Sir David Omand, the former director of GCHQ, told senior finance officials in July that their businesses are at major risk of becoming the victim of a geopolitical cyber-attack. Mark Carney, the governor of the Bank of England also warned the finance sector earlier this year of cyber-crime being a major threat to the City's financial stability.

Richard Brown, director of channels and alliances for Arbor Networks agrees. He told SCMagazineUK.com that “The financial services industry is a critical part of the UK economy and has always been a lucrative target for attackers because of the sheer value of the data held within it – after cloud and hosting providers, financial services are the most common target for DDoS attacks”

The post-game report for Operation Waking Shark II, this new operation's antecedent in spirit if not in name,  stated that, “The lessons learned will not only influence the finance sector's preparedness for a real-life cyber-event, but also serve as an example of how other sectors in the UK's finance industry can test their own capabilities in the future.” But has it really influenced their preparedness? Several reports have shown the cyber-security in the UK's banks is not yet up to scratch or in line with the threats that those institutions regularly face. Several high profile cyber-heists in the last year, have not helped that image.

The software company, Fujitsu, recently released a report with some interesting findings on the UK's financial sector. SC spoke to Rob Norris, UK director of enterprise and cyber-security at Fujitsu. He said that the financial services sector often operates with legacy systems that have been outdated but it's also a sector where the speed and complexity of innovation, like mobile and online banking, is hard to keep up with from a cyber-security point of view.  “CIOs in the banking industry are facing an unenviable challenge” says Norris, but, ”what is paramount is that the industry does not overlook or get complacent about security or place it in the “too big to fix” category. As the number of threats continue to increase exponentially – can the industry afford for it not to be the number one priority?”

Where Waking Shark II and previous industry tests like it have dealt with information sharing and coordination in the wake of a cyber-attack on a state level, the inclusion of US institutions means that Resilient Shield will widen the scope to include transatlantic coordination too. 
SC Magazine: http://bit.ly/1H1Njxo

 

 

« Where Next? Paris Attacks Show Mumbai Strikes Are Global Blueprint
Internet of Things will drive the Digital Revolution of Industry »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

TeleTrusT

TeleTrusT

TeleTrust is an IT Security association and network for IT security comprising members from industry, administration, consultancy and research.

Intersec Worldwide

Intersec Worldwide

Intersec Worldwide is a boutique Information Security Firm specializing in PCI Compliance, Assessment, Remediation, Forensics, Data Breach Investigations, Incident Response and IT Managed Services.

CipherMail

CipherMail

CipherMail provides email security products which allow organizations world wide to automatically protect their email against unauthorized access both in transit and at rest.

Deepwatch

Deepwatch

deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

Anthony Timbers LLC

Anthony Timbers LLC

Anthony Timbers is a cybersecurity consulting and penetration testing firm providing services to the Federal and Commercial sectors nationwide.

Almond

Almond

Almond is positioned as a key independent French player in audit and consulting in the fields of Cybersecurity, Cloud and Infrastructure.

Truvantis

Truvantis

Truvantis is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization’s infrastructure, data, operations and products.

Splashtop

Splashtop

Splashtop’s cloud-based, secure, and easily managed remote access solution is increasingly replacing legacy approaches such as virtual private networks.

Velum Labs

Velum Labs

Velum Labs is a cyber intelligence company that provides simple and non-intrusive, cloud and cyber intelligence solutions; built from a market-leading understanding of cyber-attack methodology.

Halcyon

Halcyon

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

One Step Secure IT

One Step Secure IT

One Step provide Managed IT Services, Cybersecurity Protections, and Compliance to businesses in the USA nationwide.