Following the news that London banks are to participate in cyber attack ‘war game’ Waking Shark II on 12 November, Barry Shteiman, director of security strategy at Imperva, has commented:
“I commend the Bank of England, the Treasury and Financial Conduct Authority, for this great idea.
In the past few years, we’ve seen some focused and proactive security programs in the UK.
Notable are some of the contained DDoS mitigation campaigns that test bank readiness and BCP exercises where employees work remotely and the data center moves to DR to ensure that the business still functions under disaster conditions.
Having a committee planning security controls, cyber attack response steps, and a high-level protection plan is an important initiative. This means that the different financial cyber security heads in the UK can join forces to strategically plan how to mitigate potential cyber threats. This is Threat Intelligence in its most simple and effective way.
This also means that the government will potentially have a way to regulate and measure the cyber security state based on an educated study of best practices, which will lead to businesses (and individual’s) financial information and estates to be secured in a much more focused way.
This is what the PCI DSS standard has done with credit card companies and clearing houses to lower the risk of a breach. It had an important effect in making sure that every business that wishes to keep credit card information or transact in high volumes, is required to secure itself or be fined.
But regulatory mandates are not the only reason to see the relevance of this initiative. It shows that the big chiefs have gotten to a conclusion that the threat is real, is growing, and is a risk for the UK financial industry.”
