British banks and other financial services providers took part in an exercise to ascertain how secure their computer systems are by getting involved in a cyber-attack war game.
On Friday November 10th, some of the largest financial institutions in the UK tested their cyber security to its limit to see how resilient it was against a major hacking incident.
Not only did they use the experiment, conducted by the Bank of England, to see whether they could sustain such an attack, but it was also to provide information on how they managed to deal with its aftermath.
The 40 firms that took part worked alongside the Financial Conduct Authority and the Treasury to gain valuable insight into their security programmes and their post-attack strategies.
A spokesperson from the Bank of England said: “The exercise will help authorities and firms identify improvements to our collective response arrangements, improving the resilience of the sector as a whole.”
It is hoped the event will be held annually to keep the industry abreast with the latest security developments and ensure staff remain aware of what to do in an incident, as well as helping new employees to learn the procedure.
The Bank of England plans to publish the lessons it has learned from the experiment at a later date, but Robert Schifreen, a former hacker who turned himself into a cyber security expert, told the BBC’s Today programme the event was not realistic.
While the financial institutions may have been perceived to perform well in the exercise, they could still put to the test if a real attack occurred.
“It’s going to be a nice Friday, everyone’s cleared their diary, everyone knows what’s going to happen, and it doesn’t normally happen like this,” Mr Schifreen stated, adding: “When you get hacked, it’s probably going to be on a Sunday afternoon, half the people you need to contact are going to be away on holiday and haven’t told you what their contact numbers are, so it’s not realistic.”
HSBC will be all too familiar with online security problems, after a data breach occurred in the USA last month. Hackers accessed its customers’ personal information, which led to the bank locking its American users out of their online accounts.
While it did not report any fraudulent activity following the breach, which could have impacted as many as 1.4 million people in the US, it highlights the need for strong cyber security services to protect customers’ private and valuable data.
As well as causing obvious problems for account holders, incidences like these affect stakeholders, staff and investors, according to Hermes Investment Management’s head of responsibility Leon Kamhi.
He recently noted that data breaches result in disruption for those investing in the firm, as it is an “embarrassment” to the business. Hackers could also access protected intellectual property regarding ideas and products, meaning the business loses their “competitive edge”.
“Investors can never know for certain if a company is going to be completely safeguarded against a cyber-attack or technical failure – but in this day, it is worth seeking out those taking cyber security seriously,” Mr Kahmhi advised.