In an effort to boost security, The Bank of England has created a new testing framework to highlight vulnerabilities in cyber systems across financial institutions.
The first of its kind, CBEST involves a series of tests designed to replicate hacker behaviour and expose any holes in an organisation’s online security. Examinations are to be carried out by nine intelligence firms and were comprised using information from government intelligence units and security experts.
At a price of £100,000 to firms, CBEST could be a very wise investment
So far 18 companies have agreed to partake in the initiative, with the results expected to pinpoint what information hackers can gain access to, and the damage they can wreak with it.
“If you look at testing historically, it’s quite focused on tech information which businesses find hard to interpret,” said James Chappell, Chief Technology Officer at Digital Shadows, one of the intelligence firms taking part in CBEST. “We’re looking for real evidence of cyber activity online.” Chappell says that CBEST will be a “collaborative approach to improve the resilience of these organisations”, and that in future other sectors such as “power, energy and telecoms” could benefit from the technology.
The framework comes a year after the banks’ financial committee urged the industry to step up its cyber security. Only recently The Royal Bank of Scotland revealed that its online platform was hacked into, and another unidentified London-listed company lost £800m after a cyber attack several years ago. Internet security company McAfee reports that the global cost of cyber crime is £266bn. At a price of £100,000 to firms, CBEST could be a very wise investment indeed.
Chappell emphasises that the results of each test will vary from institution to institution in terms of “the type of threat and the level of resistance.” Tests on firms begin this summer, and will continue annually on a voluntary basis. Chappell believes that correcting system weaknesses will be about the banks “using what they have in a more effective way”, rather than “investing in new technologies”.