Simulated attacks give London banks a trial run in readiness

Share this article:

Around 100 financial institutions in London took part in a wide scale exercise created to test the city's cyber security readiness.

Dubbed “Waking Shark II,” the simulated attacks carried on for more than five hours on Tuesday, and were supervised by a number of UK entities, including the Financial Conduct Authority (FCA), the Bank of England, and the country's Treasury department.

According to a Tuesday Reuters article, some of the banks and financial organizations that participated included, Barclays, Morgan Stanley, Bank of America, Goldman Sachs, HSBC, JP Morgan, the London Stock Exchange and Royal Bank of Scotland.

Attack exercises were meant to test the resilience and response of the city's financial market, and entailed fake foreign government and denial-of-service attacks, among other “war games,” the outlet revealed.

The event, in its second year in the UK, is comparable to “Quantum Dawn,” a similar simulated attack in the U.S. (also in its second year) that Wall Street has participated in.

Last month, the Securities Industry and Financial Markets Association (SIFMA) released the results of the Quantum Dawn 2 trial run attacks, which occurred on July 18 in the U.S.

Deloitte & Touche co-authored the 11- page report.

Areas where participating firms needed to improve their procedures were highlighted, as well as recommendations to address the weak points.

Proposed improvements included, institutionalizing procedures to determine if financial markets should remain open or close in the wake of systemic cyber attacks; updating sector-wide incidence response between government agencies and financial organizations; and formalizing communications protocols with the public when responding to attacks.

On Tuesday, Doug Johnson, vice president and senior adviser of risk management policy at the American Bankers Association, told SCMagazine.com that the exercises provide an “extremely valuable” lesson in cyber readiness for banks.

He also added that the tests should grow to become more efficient, as the institutions participating in the simulated attacks are also meant to.

“We get better every time we do one of these [exercises],” Johnson said, later adding that “it's also important that we, not only continue to refine the tests, but that we also take action on the lessons learned.”

Avivah Litan, vice president and distinguished analyst at research firm Gartner who specializes in fraud prevention in the banking sector, said in an email to SCMagazine.com that the exercises were crucial in that give organizations "a chance to test out their organizational preparedness."

"It's one thing to have all these processes documented – it's another to test them out and make sure they work," Litan wrote. "It's a lot like a fire drill. You can tell people which exits to take when, but unless you practice, people get confused when the emergency hits."

Share this article:

Sign up to our newsletters

More in News

Report: SQL injection a pervasive threat, behavioral analysis needed

Report: SQL injection a pervasive threat, behavioral analysis ...

Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Google tweaks its terms of service for clarity on Gmail scanning

The company is currently dealing with a lawsuit that challenges its email scanning practices.