UK banks to take part in data security war games

UK banks to take part in data security war games

In terms of an industry sector that is constantly conscious of its access control responsibilities, it is probably fair to say that banks and financial institutions are more than aware that they hold a treasure trove of information. With identity theft an increasingly common concern for consumers, data security has become paramount.

With that in mind, a series of UK-based war games initiated by financial regulators and government officials will take place, with a number of leading institutions taking part in a one-day bombardment of their security systems. According to The Independent, the exercise – dubbed "Waking Shark II"  – will force staff members to respond to a number of attacks that are geared towards accessing banking credentials and physical hardware such as ATM machines.

While this is not the first time that the financial sector has engaged in these simulations – Wall Street carried out a similar exercise known as "Quantum Dawn" – they are being seen as an opportunity to test vital aspects of security compliance, with the acquisition of data being the primary focus.

"These kinds of exercises provide a good opportunity to put people and organizations through their paces, much like the army does when practicing maneuvers," said David Emm, a researcher at Kaspersky Lab, according to the news source. "They can never be a substitute for a real-life attack. But they can however force people to think about the situation they are faced with and what they would do in that very moment."

Physical options
The results of these tests are expected to be released in 2014, but some security consultants are concerned that the operation may only be targeted towards online threats. There is always a danger of a coordinated physical attack, according to The Register, with USB sticks and hardware keyloggers reportedly just the tip of the iceberg.

"There's a great concentration on hackers disrupting access to computers but they aren't testing physical security," said professor David Stupples, head of center for cybersecurity sciences at City University, London, in an interview with the news source."DDoS is old hat and never going to cause that much of a problem. By contrast, losing customer details through smart malware has an enormous damage potential."

However, the timing of the UK-based exercise could be perfect. According to Network World, a recent report from Trend Micro has shown that the stealing of banking credentials is at its highest level since 2002, with the United States seeing 23 percent of 200,000 new infections discovered between July and September. Accessing financial information may be one of the oldest forms of hacking, but its popularity among the virtual underworld remains undiminished.

Posted by

Comments are closed.