BreachExchange mailing list archives

Core financial services 'under threat from cyber attack'


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 1 Dec 2015 13:46:35 -0700

http://www.thelancasterandmorecambecitizen.co.uk/uk_national_news/14115508.Core_financial_services__under_threat_from_cyber_attack_/


The Bank of England has warned of the "serious and growing threat" to
stability posed by a cyber attack at the heart of the UK financial system,
as essential firms race to protect themselves.

Hackers could potentially disrupt services "vital" to financial
institutions, which are being urged to build their resilience to attacks
and develop strategies to recover in the event of a breach.

The Financial Policy Committee (FPC) said firms needed to ensure cyber risk
was seen as a "strategic priority" in the boardroom - rather than a "narrow
technology issue".

Recent incidents, including the attack on TalkTalk where more than 150,000
customers saw their personal data accessed by hackers, risked undermining
confidence in technology firms, the regulator said.

However the damage done to individual firms would be eclipsed by an attack
on the country's financial infrastructure.

The FPC used the example of a 2013 attack in South Korea which hit
television stations and the banking system, knocking out cash machines and
online banking nationwide.

Addressing the UK's response to the cyber crime threat formed part of the
Bank of England's Financial Stability Report released today.

A survey showed concern over cyber crime spreading rapidly among UK
businesses, far outstripping concerns over other operational risks.

Measures taken by the Bank include testing the vulnerability of firms which
underpin the financial system.

After launching the CBEST testing initiative last summer, experts
identified 35 "core firms" including the largest banks, investment firms,
payment systems, clearing houses and exchanges which required assessment.

To date 10 of the earmarked institutions have completed the tests, while
nine are currently undergoing assessment.

A further 12 are preparing to undergo testing and four are in the
preliminary stages of evaluation.

Costs of testing and protection are met by each firm individually.

The CBEST framework is due to be absorbed into part of the Bank's
supervisory activity, although members could also be held to account under
the Senior Managers Regime.

The UK has joined with the US and a string of major global financial firms
to build up co-operation and response to cyber attacks.

The Bank, along with the Financial Conduct Authority (FCA) and the
Treasury, will review the cyber security of the list of core firms.

The FPC is due to receive a report on the work next summer.

Bank of England governor Mark Carney said "elevated" international security
risks, in the wake of the terror attacks in Paris and amid a worsening
situation in the Middle East, had been taken into account when assessing
the UK's cyber security.

He said: "There are state actors and there are other non-state actors with
a geopolitical bent that can come through cyber and that work on resilience
is ongoing.

"In that environment we need to build resilience. Our overall message is we
have built resilience, without question."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
