Financial sector completes cyber attack simulation exercise

This week’s cyber attack exercise for UK financial institutions proves the sector is taking cyber threats seriously, say experts.

The UK financial sector has completed a large-scale cyber attack simulation to test its systems in the event of losing internet or telecoms networks.

The market-wide exercise on 22 November involving 87 financial sector organisations was developed jointly by the Financial Services Authority (FSA), the Treasury and the Bank of England, and checked by independent reviewers to ensure scenarios were realistic and robust.

The focus of the exercise was on dependencies on telecommunications and the internet as well as managing the return to business as usual. 

It also examined the impact of transport disruption against the backdrop of the Olympics, according to the UK Financial Sector Continuity website.

Organisers plan to identify key lessons learned through following up with a number of sector groups and trade associations and publish the findings in a report early in 2012.

The cyber attack exercise for UK financial institutions proves the sector is taking cyber threats seriously, say experts.

All other sectors should follow suit to test how well they would cope with a collapse of telecoms, internet and other systems, said Henry Harrison, technical director at cyber intelligence experts BAE Systems Detica.

The key to such exercises, said Harrison, is using sufficiently representative scenarios that include the loss of confidence in the integrity of data or key systems and even the loss of confidence in the confidentiality of communications between different players in the system.

According to Symantec researchers, around 144,000 malicious files are detected each day, equating to more than 4.3 million each month.

Threats are becoming increasingly targeted and focused on accessing information that can be used for malicious gain or sold on via underground markets, the research shows.

“Often you see security being considered at the last minute rather than being engineered into projects and infrastructures from day one so it’s very encouraging to see an important sector like this taking part in preventative measures,” said Sian John, UK security strategist at Symantec.

“An exercise like this will demonstrate exactly how robust their systems are and where the vulnerabilities lie, which may mean they need to reconsider back-up sites for example or rethink security altogether."

Whatever the results, she said, it is  a nice illustration that financial institutions are proactively looking to manage risk.

Read more on IT for charity organisations