BT offers banks, insurance firms and other financial institutions an ethical hacking service to identify IT weaknesses and inspire customer confidence
BT is to offer an ethical hacking service to financial services organisations, helping them identify vulnerabilities and weak spots in their IT infrastructure.
The industry is attractive to perpetrators of cyber-attacks because of the large amounts of personal and sensitive information held by banks and insurance firms, with much of it ready to be used for financial gain.
This means any data breach or attack can have serious consequences for customers and seriously damage the reputation of the financial institution.
“The prospect of accessing confidential financial information is a powerful lure for hackers so few companies attract as much online criminal attention as banks,” said Mark Hughes, president of BT Security. “While much of the concern focuses on retail-banking activities, the threat is just as important for investment banks or for wholesale, where banks provide services like currency conversion and large trade transactions for major corporate customers.”
Ethical hackers operating for the ‘BT Assure Ethical Hacking for Finance’ service use methods likely to be used by attackers at various points of entry and perceived weaknesses in infrastructure. These might include hardware, internal and external networks, databases and phishing scams.
The hackers also see how humans might pose a risk to security through assessment of how employees implement policies and whether they are susceptible to social engineering.
Types of attack
BT says the service makes use of CREST-certified Simulated Targeted Attack and Response (STAR) methods to replicate threats and draws on experience from assisting firms in the US.
Over a two decade period, ethical hackers have been able to seize customer data, modify payment information, create admin accounts through email attacks, gain access to systems, transfer funds between test accounts and gain access to complete account data through M2M assaults.
“We encourage all financial institutions to put themselves through a rigorous series of cyber-security simulations, whereby our ethical hacking consultants push the cyber defences of financial institutions to the limit,” added Hughes.
Earlier this year, attackers compromised account details of some HSBC mortgage customers in the US, while JP Morgan & Chase co suffered a major breach in 2014, impacting 76 million household accounts and 7 million small businesses. A number of pieces of malware have specifically targeted online banking users, with banks urging customers to protect their machines.
BT Security also offers an ethical hacking service for connected cars, which looks for vulnerabilities inside and outside the vehicle, including Bluetooth links, USB ports, DVD drives, mobile networks and power plugs, accessed by links including maintenance engineers’ laptops and information or entertainment services providers. BT will also offer ongoing support against future threats.
How much do you know about hackers? Take our quiz!