Cyber attack test highlights need for better communication among banks

Bank of England releases ‘Waking Shark II' report

A Bank of England-led exercise aimed at testing the resilience of UK banks' cyber defences has highlighted concerns over information-sharing during a real attack.

A report into the findings of 'Operation Waking Shark II' has now been published, detailing the four-hour exercise which sought to replicate the effects of a state-sponsored cyber attack on the UK financial sector.

The event took place on 12 November 2013 and involved 12 retail and investment banks, six infrastructure providers and a number of regulators and government agencies.

The report claims that Waking Shark II, which follows a similar exercise last year, was largely a success, but warned that more needs to be done to improve sharing of technical information during a major cyber attack.

"While there was some communication between the participating firms and [financial market infrastructure providers] there is no formal communication coordination within the wider sector," the report read.

The Bank of England recommends that a "single coordination body" is established to manage communications during an incident, with the British Bankers Association tipped to take on the role.

The report did also note that communications between banks and other parties have improved in comparison to the previous year's test, partly through use of the government' Cyber Security Information Sharing Partnership (CISP) platform, launched in March 2013. CISP is supported by the government's cyber attack monitoring team, known as Fusion Cell, which connects the expertise of GCHQ, MI5 and Government to the businesses community.

Other issues highlighted by participants included a lack of central industry coordination for communicating information to the wider public in the event of an attack, and the need for banks to ensure that all major incidents are quickly reported to relevant regulatory bodies.

Financial institutions are increasingly the targets of distributed denial of service attacks, as cyber criminals attempt to manipulate markets and lower share prices, according to a report released today from Prolexic Technologies.

Stephen Bonner, a partner in KPMG's Information Protection and Business Resilience team, commented that banks must recognise the need to quickly communicate in the event of a major cyber attack, rather than attempting to deal with the situation internally.

"Fear of damaged reputations or stuttering share prices are major factors behind many organisations' decision to keep a low profile when their cyber defences have been breached. But the days of isolationist thinking have long since disappeared, as an attack on one institution can lead to the exposure of commercially sensitive details for another," he said, adding that "only by standing as one can they avoid being breached".

"The fact is that the rising number of attacks shows that cyber vulnerabilities must be taken seriously. We've seen requests for help more than doubling in the past 12 months suggesting that the recognition is there, but awareness doesn't equal resolution. Waking Shark II has shone a welcome light on current vulnerabilities, but that doesn't mean it is safe to 'get back in the water'. Hackers see each barrier as a challenge to be beaten, meaning that constant vigilance and testing is vital if financial organisations are to remain secure."

In related news today, business secretary Vince Cable announced requirements for companies that supply the UK's critical services - including the finance, telecoms and energy sector firms - to adopt robust cyber security measures and to work with government on addressing cyber risks.

Join the CSO newsletter!

Error: Please check your email address.

Tags Bank of Englandsecurity

More about GCHQKPMGResilience

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Matthew Finnegan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place