Feeds

Bank of England seeks 'HACKERS' to defend vaults against e-thieves

Report: 20 major cash-holders to be probed by white hats

Protecting against web application threats using SSL

The Bank of England is planning to hire ethical hackers to conduct penetration tests on 20 "major" banks and other financial institutions, it has been reported.

The move appears to be a response to lessons learned during the Waking Shark II security response exercise last November. The exercise put merchant banks and other institutions in the City at the wrong end of a simulated cyber-attacks and didn't involve retail banks, as explained in an BoE statement issued at the time.

But according to the reports, this is about to change.

According to sources who spoke to the Financial Times (behind paywall), the Bank of England's “ethical hackers” will attack 20 major banks and other financial institutions in the new round of cyber resiliency tests. Unnamed government-accredited penetration testing firms will be involved. The FT speculated that the Royal Bank of Scotland and the London Stock Exchange would participate, but there have been no confirmations.

Adrian Beck, security programme manager EMEA at cloud-based application security company Veracode, welcomed the reported move.

"It’s encouraging to see the Bank of England taking a lead on protecting the UK’s critical national infrastructure by overseeing ethical hacking programmes," Beck said.

He added: "Ethical hacking, in the form of penetration testing, is one way to expose software coding errors in an organisation’s applications, along with other vulnerabilities that threaten critical data. All businesses, whether in the public or private sector, should consider the benefits of investing in ethical hacking as part of an application security programme."

Marc Lee, director EMEA at infosec firm Courion said that penetration testing can only go so far and banks need to look at the bigger picture by taking precautions to defend against internal as well as external threats.

"The focus shouldn’t be solely on detecting and preventing external attacks," Lee explained. "It’s important to recognise that threats can often stem from insider hacktivists or a weak security culture in the back office [that] leaves sensitive data and apps open to abuse or theft."

"Looking at the bigger security picture, the majority of serious data breaches use stolen or misused legitimate access privileges. Banks need strong, reliable systems in place to quickly identify any security vulnerabilities and take appropriate actions to prevent a breach and avoid financial and reputational damage,” he added.

Ross Brewer, vice president and managing director for international markets at security tools firm LogRhythm, commented: "The financial sector is taking a positive step here, which many other organisations need to learn from. As they play such a critical role in society, it would be disastrous for one of our leading banks to suffer a significant data breach.

"We only have to look at recent large-scale data breaches, such as [that of] Target in the US, to see just how devastating and long-lasting this can be. Given the level of trust businesses and consumers place in banks, a successful attack on a financial firm would be even worse." ®

Internet Security Threat Report 2014

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.