01 December 2015


Retired Member

1,294Posts 4,404,193Views 1,543Comments

Cyber Security: the Biggest Threat to the UK Banking Sector?

16 October 2013  |  3870 views  |  0

Next month the UK Government is launching one of the most extensive cyber threat exercises, which will test how prepared financial systems are  to survive a sustained online attack.

The move comes after a senior official at the Bank of England warned earlier this year that cyber attacks are the top risk for UK banks. The warning was confirmed by a report from KPMG highlighting that cyber attacks could cause the next systemic shock to the UK banking industry. 

These warnings beg a very important question. If cyber risk is one of the top concerns for financial organisations, what’s stopping them from mitigating these risks to a point that they don’t pose a major threat to their business?

To be able to answer this question, we need to understand the environment in which financial organisations operate. Today’s banks need to manage access to sensitive data across multiple devices, users, in-house and cloud applications. This creates billions of identity and access relationships between the organisation and its stakeholders, third party suppliers, remote workers, customers and so on. The result is a pool of Big Identity Data that is difficult to understand and manage and opens the door to cybercriminals looking to hijack legitimate user credentials to gain access to critical data and applications.

The problem is further exacerbated by the complexity of user relationships and IT systems within large financial organisations and the lack of clear view into how these user relationships are changing as employees move, leave or get recruited into the organisation. Traditionally organisations tend to re-assess user privileges every three, six or even twelve months.  This creates a dangerous gap between user provisioning and access certification where changes in access privileges can remain undetected for months, preventing IT staff from restricting unauthorised access to sensitive information.

To close this gap, organisations need to more effectively leverage the data insight generated from all these user relationships and use this insight to proactively monitor, assess and mitigate access risk. Real-time access intelligence can help organisations understand where the greatest access risk vulnerabilities lie and identify the causes of these issues by analysing multiple risk factors. This, coupled with the ability to detect unauthorised access as it occurs, will enable banks to quickly spot suspicious user behaviour and act upon it immediately to mitigate security risk.


TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Retired

Big Data Pitfalls: The Amateur Data Scientist

26 October 2015  |  1630 views  |  0  |  Recommends 0 TagsInnovation

Reflections on FinovateFall: Mobile, Money and Millennials

24 September 2015  |  1087 views  |  0  |  Recommends 0 TagsPaymentsInnovation

Interoperability: Prerequisite for Next Generation of Mobile Money

08 September 2015  |  1906 views  |  0  |  Recommends 0 TagsPaymentsInnovation

Think More Broadly: Banks CAN Monetize Cash Transactions

31 August 2015  |  1567 views  |  0  |  Recommends 0 TagsPaymentsInnovation

Software development in the retail FX Industry

28 August 2015  |  389 views  |  0  |  Recommends 0 TagsTrade execution

Retired's profile

job title
member since 2014
Summary profile See full profile »

Retired's expertise

What Retired reads
Retired writes about

Who's commenting on Retired's posts

Ketharaman Swaminathan
Brendan Burge
Astrid Mitchell
Balasubramaniam GD
Tony Ballardie
Graham Seel
Bjorn Soland
John Candido
Gregg Weintraub
Stanley Epstein
Charmaine Oak
Roy Vella