Banks to test cyber defences

UK banks are to take part in the most extensive cyber threat exercise in two years to test their ability to survive a sustained online attack

All major UK banks are to take part in the most extensive cyber threat exercise in two years to test their ability to survive a sustained online attack.

There is growing international concern about the safety of financial markets in the face of increasingly sophisticated cyber attacks.

In September, Scott Borg, chief of the US Cyber Consequences Unit, said he believed manipulation of international financial markets will be the next evolution of cyber crime.

There is a limit to the amount of money criminals can make through theft and credit card fraud, he told a joint session of the ASIS International and(ISC)2 annual congresses in Chicago.

Operation Waking Shark 2 is scheduled for mid-November and will simulate a major cyber attack on the payments and markets systems on which the UK’s financial system depends, according to the Telegraph.

The test is to be monitored by the Bank of England, Treasury and Financial Conduct Authority to assess the ability of the UK’s core financial services providers to withstand cyber attacks.

The first Operation Waking Shark was conducted two years ago under the now defunct Financial Services Authority (FSA).

Finding and fixing financial system vulnerabilities

The latest exercise is designed to test the resilience of UK banks, the stock market and payment providers and identify areas where improvement is needed.

A recent report from the Treasury said the financial system had a number of potential vulnerabilities, reflecting its high degree of interconnectedness, its reliance on centralised market infrastructure, and its sometimes complex legacy IT systems.

In the light of the report, the Bank of England’s Financial Policy Committee (FPC) has given banks and organisations core to the financial system six months to outline their strategies to protect against potential cyber attacks.

The FPC also said the Bank of England must ensure it is able to operate if its own systems are attacked.

In June, Andrew Haldane, director of financial stability at the Bank of England and FPC member, said cyber attacks were the top risk for UK banks.

Concerns over cyber attacks top even those around the Eurozone crisis and the UK’s banks must do more to protect themselves, Haldane told parliament’s Treasury Select Committee.

Cyber attacks a real threat to banks

In September, Barclays and Santander were targeted by cyber criminals using a keyboard video mouse (KVM) switch to gain remote control of bank computers.

The Santander attempt was foiled, but £1.3m was transferred out of accounts at Barclays before police tracked down the gang.

In May, the scale of the threat was highlighted when US federal authorities charged eight hackers in connection with a $45m pre-paid debit card fraud scheme.

In a similar heist in 2008, a gang took money from cash machines in 49 cities around the world using cloned debit cards.

The thefts stemmed from a data breach at RBS WorldPay, in which hackers stole the personal data of 1.5 million card holders a month earlier.

In July 2012, a Deloitte financial services industry report revealed that nearly a quarter of the world's banks had been hit by security breaches in the preceding 12 months.

Read more on Hackers and cybercrime prevention