Financial firms could be missing out on attack paths to key industry infrastructure, leaving the sector vulnerable to a major cyber-attack.
IT security firm MWR InfoSecurity issued this warning after the Bank of England and the Treasury urged board directors in the financial industry to draw up plans to address the increasing threat levels from cyber-attacks.
Alex Fidgen, director at MWR InfoSecurity, says: “While the issue of improving security is a complex one, it should be focussed around an asset based approach. Emphasis has to be made in protecting key industry infrastructure, such as payment systems, by blocking all attack paths leading to it, and this can only be achieved by thorough assessment of a company’s assets.
“In order for the finance industry to understand where security can be improved, they must adopt assessments that replicate some of the attack methods used by more sophisticated attackers, which are often state sponsored.”
He adds: “If they miss this stage out, they will not identify how best to defend and will not only waste funds and resources protecting the wrong assets but they will be at serious risk of being hacked.”
Fidgen says these measures should apply not only to UK banks but also to any financial institution operating in the EU, especially as the EU still provides Safe Harbour.
The adoption of advanced defensive programmes is likely to provide these financial institutions with a competitive advantage.
“More to the point, a demonstrable defence programme will enable financial institutions to pro-actively satisfy regulatory authorities that their asset book can be value assessed accurately, and potentially argue for lower Capital to Asset ratios under legislation such as Basel III.”