Bank of England test financial system resilience to cyberattacks
November 2018 by Kirill Kasavchenko, Principle Security Technologist at NETSCOUT
Today, Bank of England, is staging a day-long war gaming exercise to test the financial sector’s resilience to a major cyber incident impacting the UK. Ran in partnership with up to 40 firms including the HM Treasury, the Financial Conduct Authority and UK Finance, the exercise aims to help authorities and firms identify improvements to UK’s collective response arrangements and improve the resilience of the sector as a whole.
Offering his thoughts on this, Kirill Kasavchenko, Principle Security Technologist at NETSCOUT discusses the importance of collaboration and intelligence sharing of best cybersecurity practices to minimise this threat across the sector and beyond. Please find his thoughts on this below and let us know if you have any questions.
Kirill Kasavchenko, Principle Security Technologist at NETSCOUT: “Financial institutions are particularly at risk from cyber threats, simply due to the amount of sensitive data and money they store. With customer interactions, processes and services increasingly moving online, the industry cannot afford cybersecurity – or a lack of it – to become a stumbling block further down the line. Better intelligence sharing and improved co-operation within the financial services industry is vital to managing cyber risk, so it’s great to see this mix of organisations working together to test the UK’s financial system.
“The results of today’s drill will reveal what work remains to be done, but what is important from a DDoS perspective is that the full scale of attack types and techniques are considered. To add further complexity, DDoS attacks are also not launched just for the sake of bringing a resource down. They can also be designed to shift the focus of the defenders, so it’s ‘easier’ for hackers to exfiltrate data undetected. This is why every financial services organisation must implement layered security to mitigate attacks of different sizes and complexity, as well as strengthening visibility and threat detection capabilities across internal networks. That way DDoS attacks can be contained without disruption, but we can also see whether other attacks are being carried out in parallel – so the true scale of the attack is known.”