A cyber tipping point

Andrew Gracie has described the recent web assault on Sony as a “salutary reminder” of what firms are up against.

Speaking at the Cyber Defence and Network Security conference in London, the Bank of England’s executive director described cyber threats as “ever-present” and “ever-evolving”.

He explained that a recent questionnaire to 36 firms that make up the core UK financial system pointed to required security improvements. Cyber-crime is more sophisticated than ever, and advances in cyber-security measures must therefore be accelerated.

Gracie alerted the financial services industry to the need to adopt a different disposition for cyber defence. He called on the industry to face up to the reality that networks will be penetrated by criminals and to make cyber-security a core feature inside the banking application itself.

We have reached a tipping point. Networks can no longer be protected at the perimeter. A new focus on attack detection and response is now crucial. Proactive measures automatically taken inside the banking applications are now required.

Regulation is key in addressing this challenge. Therefore, we are currently campaigning on the issue, urging the FCA to establish a more robust security regulation framework for the financial services industry.

While the payment card industry has a mandatory testing process to assess the threat of credit card fraud, known as the Payment Card Industry Security Standard (PCI-DSS), there is currently no similar cyber-security compliance process for the financial services industry as a whole. A mandatory testing process would help protect the sector from the ever-evolving cyber-crime threat.

However, financial services providers must also realise a duty of care to customers, to each other and to the health of the industry, by working more closely together.

Gracie acknowledges this. He explained that “firms need to cooperate, not compete in this space” and that in light of this, the Bank of England is currently “working with industry to strengthen arrangements for information sharing, reviewing existing forums for tactical information sharing and supplementing them where necessary with arrangements for more strategic information sharing including on good practice.”

Bank fraud and cybercrime are industrial-scale problems that present a critical threat to the financial services industry. By creating a tougher industry-wide standard for financial services security, and by ensuring a greater level of cooperation, banks and financial services providers can improve services, increase customer security and ensure consumer confidence in their products.