By Greg Sim, CEO, Glasswall Solutions
Deputy Governor Jon Cunliffe announced today that future stress tests performed by the Bank of England (BoE) would include an examination of a broader range of risks, adding that a cyber-crime attack is “a possibility” for future “exploratory scenarios” that are planned to take place every other year.
“This latest call for banks to stress test the capabilities of their cyber-security to prevent potentially crippling attacks is recognition that cyber-crime has fast become one of the biggest threats facing the banking sector today,” says Greg Sim, CEO of Glasswall Solutions.
“Impending EU Data regulations planned for 2017 should further add weight to the urgent need for banks and other organisations to place cyber-security as a priority concern, which should be addressed at the top of the agenda at board level. Banks can no longer make light of the risks, as new laws will significantly increase the potential fines organisations will face in the event of a breach. Whilst it is encouraging to see the BoE taking steps to track and assess potential risks, I would suggest that every other year will not be often enough given the current pace of increasing cyber risks.
“To tackle the growing threat, banks need to take control back from the attacker by implementing standards and enforcing best practice which delivers control back to the enterprise and away from the attacker – eliminating cyber-risk. The biggest threat comes from file-based attacks.
“Unstructured, unknown and therefore non-compliant files are routinely allowed in and out of organisations in support of business continuity. In operating an ‘open-door’ policy allowing unknown and unstructured files, organisations simply don’t realise the risk element presented by files, or that this intelligence is available to hackers. 94% of targeted attacks are delivered using document attachments and yet this is an area with little or no focus on security in terms of inbound threats or data leakage. Threats from metadata in emailed documents or those on organisations’ websites can provide invaluable intelligence to the hacker, with the organisation commonly left completely unaware. Assessing the risk presented by files and mapping that against how the business uses files enables policy and standards to be built that eliminate risk yet deliver business continuity.
“This actionable intelligence then becomes auditable and reportable to show where best practice has been applied, which should prove to be vital factors for banks in their compliance with new industry regulation. Open communications will be key to prevent future cyber-crime attacks and maintain trust at the customer, supply chain and regulatory levels. This latest move by the BoE should really just be the start of more to come,” concludes Sim.