Bank of England seeks 'HACKERS' to defend vaults against e-thieves

Report: 20 major cash-holders to be probed by white hats

The Bank of England is planning to hire ethical hackers to conduct penetration tests on 20 "major" banks and other financial institutions, it has been reported.

The move appears to be a response to lessons learned during the Waking Shark II security response exercise last November. The exercise put merchant banks and other institutions in the City at the wrong end of simulated cyber-attacks and didn't involve retail banks, as explained in a BoE statement issued at the time.

But according to the reports, this is about to change.

According to sources who spoke to the Financial Times (behind paywall), the Bank of England's “ethical hackers” will attack 20 major banks and other financial institutions in the new round of cyber resiliency tests. Unnamed government-accredited penetration testing firms will be involved. The FT speculated that the Royal Bank of Scotland and the London Stock Exchange would participate, but there have been no confirmations.

Adrian Beck, security programme manager EMEA at cloud-based application security company Veracode, welcomed the reported move.

"It’s encouraging to see the Bank of England taking a lead on protecting the UK’s critical national infrastructure by overseeing ethical hacking programmes," Beck said.

He added: "Ethical hacking, in the form of penetration testing, is one way to expose software coding errors in an organisation’s applications, along with other vulnerabilities that threaten critical data. All businesses, whether in the public or private sector, should consider the benefits of investing in ethical hacking as part of an application security programme."

Marc Lee, director EMEA at infosec firm Courion, said that penetration testing can only go so far and that banks need to look at the bigger picture by taking precautions to defend against internal as well as external threats.

"The focus shouldn’t be solely on detecting and preventing external attacks," Lee explained. "It’s important to recognise that threats can often stem from insider hacktivists or a weak security culture in the back office [that] leaves sensitive data and apps open to abuse or theft."

"Looking at the bigger security picture, the majority of serious data breaches use stolen or misused legitimate access privileges. Banks need strong, reliable systems in place to quickly identify any security vulnerabilities and take appropriate actions to prevent a breach and avoid financial and reputational damage,” he added.

Ross Brewer, vice president and managing director for international markets at security tools firm LogRhythm, commented: "The financial sector is taking a positive step here, which many other organisations need to learn from. As they play such a critical role in society, it would be disastrous for one of our leading banks to suffer a significant data breach.

"We only have to look at recent large-scale data breaches, such as [that of] Target in the US, to see just how devastating and long-lasting this can be. Given the level of trust businesses and consumers place in banks, a successful attack on a financial firm would be even worse." ®
