08 February 2016

44975

Retired Member

1,364Posts 4,706,753Views 1,604Comments

Cyber Security: the Biggest Threat to the UK Banking Sector?

16 October 2013  |  3994 views  |  0

Next month the UK Government is launching one of the most extensive cyber threat exercises, which will test how prepared financial systems are  to survive a sustained online attack.

The move comes after a senior official at the Bank of England warned earlier this year that cyber attacks are the top risk for UK banks. The warning was confirmed by a report from KPMG highlighting that cyber attacks could cause the next systemic shock to the UK banking industry. 

These warnings beg a very important question. If cyber risk is one of the top concerns for financial organisations, what’s stopping them from mitigating these risks to a point that they don’t pose a major threat to their business?

To be able to answer this question, we need to understand the environment in which financial organisations operate. Today’s banks need to manage access to sensitive data across multiple devices, users, in-house and cloud applications. This creates billions of identity and access relationships between the organisation and its stakeholders, third party suppliers, remote workers, customers and so on. The result is a pool of Big Identity Data that is difficult to understand and manage and opens the door to cybercriminals looking to hijack legitimate user credentials to gain access to critical data and applications.

The problem is further exacerbated by the complexity of user relationships and IT systems within large financial organisations and the lack of clear view into how these user relationships are changing as employees move, leave or get recruited into the organisation. Traditionally organisations tend to re-assess user privileges every three, six or even twelve months.  This creates a dangerous gap between user provisioning and access certification where changes in access privileges can remain undetected for months, preventing IT staff from restricting unauthorised access to sensitive information.

To close this gap, organisations need to more effectively leverage the data insight generated from all these user relationships and use this insight to proactively monitor, assess and mitigate access risk. Real-time access intelligence can help organisations understand where the greatest access risk vulnerabilities lie and identify the causes of these issues by analysing multiple risk factors. This, coupled with the ability to detect unauthorised access as it occurs, will enable banks to quickly spot suspicious user behaviour and act upon it immediately to mitigate security risk.

 

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from

Retired's profile

job title
location
member since 2014
Summary profile See full profile »

Retired's expertise

What Retired reads
Retired writes about

Who's commenting on Retired's posts

Steve Patel
Aparty Behera
Ketharaman Swaminathan
Karim Maalouf
Brendan Burge
Konstantin Rabin
Paul Zaman
Astrid Mitchell
Balasubramaniam GD
Graham Seel
Bjorn Soland
Miloslav Hoschek