Cyber-attacks have risen to the top of the list of threats for UK banks according to the Bank of England’s director of financial stability, Andrew Haldane, but understanding and management of the risk is still at an “early stage”.
Speaking at a Treasury select committee on Wednesday, Haldane said that during recent meetings with the five top banks in the UK, four of the banks had claimed that cyber-attacks now present a major threat to their stability – more so than even the eurozone crisis.
However, Haldane said that despite the awareness among leading banks, there was still a way to go in terms of fully understanding the risk presented.
“Four of the five identified cyber-risk as having risen to the top of their list, which I thought was very interesting,” Haldane said. “What was just as interesting was that the fifth firm didn’t have it on their list.”
“They now do, which is the source of some reassurance, but it made me think that understanding and management of this risk was still at a somewhat early stage.”
Haldane added that there is a need for more action by both the Bank of England’s Financial Policy Committee (FPC) and the government to ensure that the financial sector is prepared for the “ever-evolving” cyber-threat.
“You could see why the financial sector would be a particularly good target for someone wanting to wreak havoc through a cyber route,” Haldane said. “So I very much hope the FPC and wider government – as I think this has to be the wider government – would take a close look and a deep dive into the state of preparedness of the financial sector for such threats, which of course are ever-evolving. The cyber-risk is one that is difficult to keep up with because it is moving at such pace over the past six to twelve months.”
Symantec’s UK security CTO, Sian John, warned that despite efforts on the part of both the banks and the government to prepare for attacks, more can be done to protect against the wide range of threat types.
“In 2012, financial companies and public sector institutions were the UK’s most attacked businesses and organisations,” John said. “Although banks continue to invest in new security technology, this shows just how crucial it is for them to be ahead of the curve.
“Eighteen months ago, British banks took part in a cyber-attack exercise to see how they would cope with a collapse of their telecoms, internet and other business-critical systems. With the continued threat of financial Trojans – which steal banking details – and ever more sophisticated attacks by cyber-criminals, there may be cause for banks to test their systems again to ensure they are fit for purpose.”
Banks in the UK have come under attack from organised cyber-criminals in increasingly sophisticated attacks; however, there is also the threat of state-sponsored attacks. Countries including Iran and China have been accused by the US of orchestrating attacks against the financial sector in recent months.
Last month, reports emerged of a significant attack against a financial exchange firm. The 167 Gbps attack was described as the largest ever targeted at a financial sector organisation, according to security firm Prolexic.