UK Banks Face Cyber Security Stress Test - Operation Resilient Shield

Uploaded on 2015-11-16 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Resilience

 

The City of London financial institutions' CIO's will soon be feeling the heat as the Bank of England rolls out it's new war-game to test the cyber-resilience of the UK's financial sector.

Banks will be subjected to a series of ‘attacks', designed to spot weaknesses in their network. Any holes found in the defences of the UK's finance industry will be rigorously prodded.

The operation, called Resilient Shield, will be coordinated by the UK's Computer Emergency Response Team, CERT - UK, the team devoted to managing major cyber-security incidents in the UK. The tests will also include US banks and test the communication between governments and  financial institutions.

Obviously, financial institutions are large, desirable targets for cyber-criminals, hacktivists and spies alike. In few places is that more the case than the UK, one of the world's centres of finance.  Some 90 percent of large UK companies reported a breach last year and cyber-criminals are increasingly targeting UK banks and customers.
Sir David Omand, the former director of GCHQ, told senior finance officials in July that their businesses are at major risk of becoming the victim of a geopolitical cyber-attack. Mark Carney, the governor of the Bank of England also warned the finance sector earlier this year of cyber-crime being a major threat to the City's financial stability.

Richard Brown, director of channels and alliances for Arbor Networks agrees. He told SCMagazineUK.com that “The financial services industry is a critical part of the UK economy and has always been a lucrative target for attackers because of the sheer value of the data held within it – after cloud and hosting providers, financial services are the most common target for DDoS attacks”

The post-game report for Operation Waking Shark II, this new operation's antecedent in spirit if not in name,  stated that, “The lessons learned will not only influence the finance sector's preparedness for a real-life cyber-event, but also serve as an example of how other sectors in the UK's finance industry can test their own capabilities in the future.” But has it really influenced their preparedness? Several reports have shown the cyber-security in the UK's banks is not yet up to scratch or in line with the threats that those institutions regularly face. Several high profile cyber-heists in the last year, have not helped that image.

The software company, Fujitsu, recently released a report with some interesting findings on the UK's financial sector. SC spoke to Rob Norris, UK director of enterprise and cyber-security at Fujitsu. He said that the financial services sector often operates with legacy systems that have been outdated but it's also a sector where the speed and complexity of innovation, like mobile and online banking, is hard to keep up with from a cyber-security point of view.  “CIOs in the banking industry are facing an unenviable challenge” says Norris, but, ”what is paramount is that the industry does not overlook or get complacent about security or place it in the “too big to fix” category. As the number of threats continue to increase exponentially – can the industry afford for it not to be the number one priority?”

Where Waking Shark II and previous industry tests like it have dealt with information sharing and coordination in the wake of a cyber-attack on a state level, the inclusion of US institutions means that Resilient Shield will widen the scope to include transatlantic coordination too. 
SC Magazine: http://bit.ly/1H1Njxo

 

 

« Where Next? Paris Attacks Show Mumbai Strikes Are Global Blueprint
Internet of Things will drive the Digital Revolution of Industry »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

A-SIT Secure Information Technology Center

A-SIT Secure Information Technology Center

A-SIT was founded in 1999 as a registered nonprofit association and is established as a competence center for IT-Security.

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality ISAC operates as a central hub for sharing sector-specific cyber security information and intelligence.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

Styra

Styra

Styra allows companies to secure cloud environments and applications, including those built on the popular Kubernetes open-source cloud platform.

Hysolate

Hysolate

Hysolate has transformed the endpoint, making it the secure and productive environment it was meant to be.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

CyberClan

CyberClan

CyberClan’s carefully selected team of experts is capable of solving complex cyber security challenges – keeping your data secure and your businesses running as usual.

e-Careers

e-Careers

e-Careers is an edtech institution that provides industry recognised courses and up-skilling solutions to individuals and organisations.

CyberX9

CyberX9

CyberX9 helps you protect against a wide range of cyber attacks whether you are a business or a high-net worth individual under risk.

Kontra

Kontra

Kontra application security training is an interactive and intuitive learning experience that engages developers.

C/side (cside)

C/side (cside)

At c/side, we're creating the ultimate delivery, performance and detection mechanism for browser-side fetched 3rd party Javascript.

Neptune Shield

Neptune Shield

Neptune Shield's mission is to deliver cutting edge Maritime focused Cyber Security & Threat Protection through our Hampton Roads based Tech & Cyber Security Hub.

NST Cyber

NST Cyber

NST Cyber provides comprehensive Threat Exposure Management to Global banks and Forbes 2000 companies.

ALSO Group

ALSO Group

ALSO is one of the leading technology providers for the ICT industry currently active in 31 countries in Europe and in many countries worldwide via PaaS (Platform as a Service) partners.