Bank of England seeks 'HACKERS' to defend vaults against e-thieves

Report: 20 major cash-holders to be probed by white hats

The Bank of England is planning to hire ethical hackers to conduct penetration tests on 20 "major" banks and other financial institutions, it has been reported.

The move appears to be a response to lessons learned during the Waking Shark II security response exercise last November. The exercise put merchant banks and other institutions in the City at the wrong end of a simulated cyber-attack and didn't involve retail banks, as explained in a BoE statement issued at the time.

But according to the reports, this is about to change.

According to sources who spoke to the Financial Times (behind paywall), the Bank of England's “ethical hackers” will attack 20 major banks and other financial institutions in the new round of cyber resiliency tests. Unnamed government-accredited penetration testing firms will be involved. The FT speculated that the Royal Bank of Scotland and the London Stock Exchange would participate, but there have been no confirmations.

Adrian Beck, security programme manager EMEA at cloud-based application security company Veracode, welcomed the reported move.

"It’s encouraging to see the Bank of England taking a lead on protecting the UK’s critical national infrastructure by overseeing ethical hacking programmes," Beck said.

He added: "Ethical hacking, in the form of penetration testing, is one way to expose software coding errors in an organisation’s applications, along with other vulnerabilities that threaten critical data. All businesses, whether in the public or private sector, should consider the benefits of investing in ethical hacking as part of an application security programme."

Marc Lee, director EMEA at infosec firm Courion, said that penetration testing can only go so far and that banks need to look at the bigger picture by taking precautions to defend against internal as well as external threats.

"The focus shouldn’t be solely on detecting and preventing external attacks," Lee explained. "It’s important to recognise that threats can often stem from insider hacktivists or a weak security culture in the back office [that] leaves sensitive data and apps open to abuse or theft."

"Looking at the bigger security picture, the majority of serious data breaches use stolen or misused legitimate access privileges. Banks need strong, reliable systems in place to quickly identify any security vulnerabilities and take appropriate actions to prevent a breach and avoid financial and reputational damage," he added.

Ross Brewer, vice president and managing director for international markets at security tools firm LogRhythm, commented: "The financial sector is taking a positive step here, which many other organisations need to learn from. As they play such a critical role in society, it would be disastrous for one of our leading banks to suffer a significant data breach.

"We only have to look at recent large-scale data breaches, such as [that of] Target in the US, to see just how devastating and long-lasting this can be. Given the level of trust businesses and consumers place in banks, a successful attack on a financial firm would be even worse." ®
