The Daily Telegraph reports that “a simulated major cyber attack [on the] biggest banks in the UK and US” later this month will “probe the industry’s ability to withstand assaults from hackers looking to steal data or cripple the financial sector.”
Operation Resilient Shield
Announced by Prime Minister David Cameron on his visit to President Obama in January, ‘Operation Resilient Shield’ will be an exercise coordinated by the UK’s Computer Emergency Response Team (CERT) that will test British and American banks’ responses to cyber attack.
At the time the exercise was announced, the White House said “both leaders agreed to bolster efforts to enhance the cybersecurity of critical infrastructure in both countries, strengthen threat information sharing and intelligence cooperation on cyber issues, and support new educational exchanges between US and British cybersecurity scholars and researchers.”
Operation Resilient Shield will expand on the ‘Waking Shark’ exercises held in the UK in recent years.
Bank of England warning
The Bank of England’s July 2015 Financial Stability Report highlighted the growing threat to financial stability posed by cyber risk, commenting that:
“As with financial risk, cyber risk can be amplified by the interconnectedness of the financial system. In particular, a successful attack on a systemic institution or vital infrastructure (including non-financial infrastructure that the financial sector relies on, such as utilities) could cascade throughout the financial system.”
It also noted the importance of cyber risk governance, specifically “boards viewing cyber risk as a core strategic issue, and challenging senior management where resilience and recovery plans are inadequate. Effective governance includes ensuring that leadership teams have the skills and knowledge required to understand cyber risk, particularly given the adaptive nature of the threat. Cyber resilience is likely to remain an important challenge for boards and senior management.”
The same is true of all organisations with data protection obligations, not just banks: cyber risk management is always a board-level responsibility, and an information security management system (ISMS) has to be driven from the top down to be effective.
All organisations looking for guidance – whatever their size, sector or location – should consider the international standard ISO 27001, which sets out the requirements of a risk-based ISMS.
Best-practice cyber security
Based on the outcome of a risk assessment, an ISO 27001-compliant ISMS covers people, processes and technology, allowing organisations to manage the risks they face with appropriate controls.
For more information about how ISO 27001 can help you protect your organisation, see our main website.
ISO 27001 implementation resources
If you’re ready to implement an ISO 27001-compliant ISMS, we have all the resources you need.
Priced from only £380, IT Governance’s ISO 27001 Packaged Solutions provide unique information security implementation resources for all organisations, whatever their size, budget or preferred project approach. Combining standards, tools, books, training, and online consultancy and support, they allow all organisations to implement an ISMS with the minimum of disruption and difficulty.