Thousands of staff at a number of financial firms in London are taking part in 'war games' exercise to test how well they can handle a major cyber attack. As part of the test, the firms will be bombarded with messages and placed in certain scenarios. Simulations will include how banks ensure cash remains available via their ATM networks, how they deal with a liquidity squeeze in the wholesale market and how they communicate and coordinate with each other and the authorities.
Speaking ahead of the test, Stephen Bonner, a partner in KPMG's Information Protection & Business Resilience team says: "The world's largest companies have been targeted over recent months by increasingly sophisticated hackers. It is now not just a lone hacker sitting in their bedroom but, in many cases, serious organisations backed by the resources of nation states who are leading the charge.
"Incidents which involve the loss or theft of commercial rather than personal data often go largely unreported. Hacking is now widespread and the attackers range from the intellectually curious through to sophisticated nation states, the targets range from safety-critical processing systems through to price sensitive deal data.
"Regulators and companies are increasingly concerned about the threat of cyber attacks on the banking system so this is a great initiative for all involved to work collectively together to test our national defences against sophisticated attacks. This is a good opportunity to iron out any flaws now, before our cyber defences are tested in anger."
Bonner concludes: "The test will shine a light on our defences, and that is helpful not just for banks but for business in general. Cyber security failures not only impact business in monetary terms but also in the loss of intellectual property and more importantly, trust."
A recent review by KPMG of the cyber security of non-financial company websites flagged up a range of cyber security concerns, including:
- Vulnerable web servers – corporate websites supported by out-of-date and potentially vulnerable technologies
- Sensitive information which could provide attackers with background on network users, email addresses and corporate intranet configurations
- These weaknesses add to the large amount of information available to hackers from social networks and public sources, all of which helps target sophisticated attack campaigns.
Companies can do a lot to make the attacker's life more difficult, including:
- Reviewing the amount of data leaked online and through public web sites. These are easy targets for hackers
- Ensuring internet-facing systems are kept fully patched and updated
- Educating everyone within the organisation about the value and sensitivity of the information they possess and how they can protect it
- Backing up employee training with sensible cyber security measures and a corporate culture that takes security seriously