The Bank of England has introduced a new strategy to maintain cyber security for financial organizations in the U.K. Previously, the increased threat of cyber-attacks left the sector struggling to protect itself.
This security strategy relies on a new framework called CBEST, which is based on penetration testing that imitates the techniques and processes cybercriminals use to hack large financial organizations such as banks or stock exchanges.
Real threats are the basis of the new strategy, which collects all the possible attacks against a given financial institution. One of the major steps is monitoring many online sources, such as blogs, chat rooms and hacker forums, where a great deal of information can be gathered.
The new plan was announced last Tuesday in a speech given by Andrew Gracie, executive director of resolution at the Bank of England, at a British Bankers’ Association event.
Cyber intelligence firms chosen by the Council for Registered Ethical Security Testers (CREST) will conduct the research on an impromptu basis to avoid being predictable to spies and some underground organizations.
Government bodies and a group of security companies selected by CREST and approved by the Bank of England will be authorized to collect threat intelligence through intensive monitoring, in order to identify the potential attackers of a particular institution and the precautionary measures that can be used against them.
They will conduct a test that adapts and copies these techniques to measure the flexibility of the firm itself and of its systems. A small number of individuals from the bank's detection and protection team will take part in the tests.
Once the test has been completed, the firm will join workshops with supervisors and testers where all the results will be reviewed. A spokesperson from the Bank of England said that each test is estimated to cost around £100,000 ($168,000).
Cyber criminals are now targeting large financial institutions: among respondents to PwC’s 2014 Global Economic Crime Survey, 39% in financial services were recorded as victims of cybercrime, compared with 17% in other industries.
James Chappell, chief technology officer at Digital Shadows (a cyber security company involved in the framework), said that there has been a massive increase in cyber threats to bank infrastructure in the past three to five years. Despite all the current approaches banks take to defend themselves from attacks, it is still not enough because of the increasing threats from nation states and cyber criminals. Now is the time to raise the bar, he said, ending his statement with a call to action.