New cybercrime tests for banks

Hands on computer keyboard Many cyber-thieves target bank and business networks in a bid to steal data and cash

Related Stories

The Bank of England has stepped up its efforts to protect the UK's financial institutions from cybercrime with a new testing framework to spot vulnerabilities.

The Bank says hacking represents a growing risk for the financial sector.

The new tests will combine government intelligence about existing cyber-threats with those that the security industry assesses to be risks.

It is expected that the voluntary tests will be widely adopted.

Bad guys

The new cybersecurity strategy, known as CBEST, is the first of its kind for the financial services sector and tests will begin this summer.

"The results should provide a direct readout on a firm's capability to withstand cyber-attacks," said Andrew Gracie, the Bank of England's executive director of resolution.

James Chappell is chief technology officer at Digital Shadows, one of the security firms taking part in the tests. He explained how they would differ from previous vulnerability testing:

"Previous tests were carried out by a geeky guy who tried various technical ways to get into a system and then presented a report to the bank.

"These tests will mimic the behaviour of the bad guy, whether that be a hacktivist, organised crime or a nation state, it will emulate the same techniques they would use."

Rising risk

In a speech to the British Bankers' Association cyber-conference in London launching the new framework, Mr Gracie warned that banks needed to be better prepared to counter cyber-attacks.

"Cyber presents new challenges. Unlike other causes of operational disruption like fires and floods, we know there are agents out there - criminal, terrorist organisations or state sponsored actors, that have the will, if not necessarily the means, to attack the system.

"Low-level attacks are now not isolated events but continuous. It is clear that the risk is on the rise and a growing cause of concern to industry and authorities alike."

According to the Bank of England's Systemic Risk survey, during 2013 there was a 10% increase in concerns about cyber-attacks among banks.

In December, the Royal Bank of Scotland admitted its platform was briefly attacked by hackers while one unidentified London-listed company incurred losses of £800m in a cyber-attack a few years ago.

Results of the tests are unlikely to be made public.

More on This Story

Related Stories

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.