The Bank of England, in partnership with some of the largest US banks, is set to simulate a major cyberattack in order to test the security protocols being employed by the finance industry.
The simulation has been dubbed “Operation Resilient Shield” and will provide a more robust examination of the sector’s defences than the recently implemented Waking Shark tests.
The transatlantic operation was announced by UK Prime Minister David Cameron back in January, after visiting President Barack Obama. It will be co-ordinated by the Computer Emergency Response Team (CERT) in both countries and will look to test communication between banks and governments.
Speaking at the time of the announcement, both the US and UK government reiterated the importance of international co-operation in order to deal with cyberthreats. It is hoped that Operation Resilient Shield will “strengthen threat information sharing and intelligence co-operation on cyber issues, and support new educational exchanges” between the two countries.
A number of high-profile cyberattacks have hit the headlines in recent weeks, serving as a reminder that the threat facing businesses and consumers is ever-present. Both TalkTalk and Vodafone have had to inform customers that their accounts have been compromised, with the former announcing that 21,000 unique bank account numbers and sort codes had been stolen.
More than most other industries, the financial sector must ensure that its security protocols are frequently tested and updated in order to counter the threat posed by cyberattackers. The sensitive information stored by banks and similar institutions means that even a minor security breach could have devastating consequences for businesses and individuals. As well as the threat posed by individuals hackers and collectives, state-led attacks by nations like China and Russia are also now viewed as a serious risk to the UK and US economies.
David Kennerley, senior manager for threat research at cybersecurity firm Webroot:
“In light of recent high-profile cyberattacks, including last month’s TalkTalk breach, it’s vital that organisations think ‘outside the box’ in order to shore up defences. Financial organisations are prime targets because of the value of the data they hold. These ‘cyber war games’ will provide financial institutions across London the opportunity to evaluate their ability to anticipate an attack and develop the comprehensive cyber warfare protection they need.
This simulation is set to be the most sophisticated ever undertaken and will give the industry the checks it needs to test the protection and the processes it has in place. Applying gaming principals to security problems is a great way to improve security knowledge across companies through real engagement. The bottom line is that the more you practice and prepare for an attack, the better you will respond when encountering the real thing.”
Richard Brown, Director EMEA Channels & Alliances, Arbor Networks:
“The financial services industry is a critical part of the UK economy and has always been a lucrative target for attackers because of the sheer value of the data held within it – after cloud and hosting providers, financial services are the most common target for DDoS attacks. The recent attack on TalkTalk, with a 15 year old being arrested on suspicion of carrying out the attacks, shows just how far large organisations need to come to protect themselves, and their customers.
“A proactive approach to security is the best form of defence, with people and analytics tools being used to actively search for threats, instead of waiting for an event to take place. Any test that focuses organisations on their incident handling processes and communications is a good thing, as the more these are used and tested the better our people and processes - and thus our defensive capabilities - become.”
Image Credit: Number 10