Banks Testing Cyber Attack Communications Resilience

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Operation Waking Shark 2 taking place in London today

A host of investment banks and industry bodies will gather in a London location this afternoon to test their resilience to cyber attacks.

Operation Waking Shark 2 will last only a few hours, and will see how banks, law enforcement and industry groups including the Bank of England, would react to hacker attempts on their communications infrastructure.

It will not look at breaches of servers, or where customer data has been stolen, a spokesperson told TechWeekEurope, indicating the stress tests will look at kinds of denial of service attacks.

Bank finance © Paul Fleet Shutterstock 2012Bank cyber attacks

Around 100 people will be taking part, as cyber attack scenarios are thrown out to the separate teams. A report will be produced in the new year.

The operation follows the original Waking Shark tests from 2011, which looked at attacks surrounding the 2012 Olympic Games.

Industry experts believe banks need to do more than just look at communications security in the future. “With so many people and paper-based activity focusing on policies and procedures, this exercise may be more of a logistical planning exercise instead of a simulated practice run,” said John Yeo, EMEA director at Trustwave.

“What needs to be implemented are real world attack scenarios that truly test the businesses’ incident response plans.

“The more important issue is what are they communicating about, and what happens when an attack is more subversive, and not immediately obvious when it strikes.  In our experience, the majority of organisations that suffer a breach do not realise for some time that they have been hit, let alone where the attack originated from, and how it works.”

Banks continue to be battered by various kinds of attack. Throughout last year and in early 2013, distributed denial of service (DDoS) attacks against US banks were especially common, taking customer-facing services offline.

A Trend Micro report released this week showed banking malware had surged in the third quarter. Infection counts surpassed the 200,000 mark, the highest infection numbers since 2002.

Are you a security expert? Try our quiz!