Bank of England: Ethical Hackers Wanted


The Bank of England plans this year to take on a number of ethical hacking professionals to conduct penetration tests on major banks and financial corporations throughout the UK. This comes in the aftermath of the Waking Shark II security test performed last year, in which major banks and financial institutions experienced the wrong side of a security incident and the kind of impact they could expect if one were to happen in real life. Waking Shark II acted as a real wake-up call to financial institutions throughout the UK that had little to no understanding of how cyber attacks could seriously impact their organisation, and of just how at risk they were through weak security controls on their networks.

It has been reported that major UK banks will be involved in this year's exercise, headed by the Bank of England. Over 20 banks and financial corporations are expected to participate in an exercise where qualified, competent penetration testers will attempt to breach the bank in an effort to step up security at a time when banks are being hit hard. It is rumoured that the Royal Bank of Scotland and London Stock Exchange would be amongst those participating; however, this is yet to be confirmed.

This is an announcement that has been welcomed by the security community, who see active research against financial institutions’ technical controls as a forward step in combatting cyber attackers in the current climate. Many professionals are backing the move, stating that it is encouraging to see the Bank of England being proactive in the cyber arms race.

The Bank of England is hoping that the penetration testing exercises will wake financial institutions up to the threats to their data in a practical way

It is believed that the penetration testing exercises will reveal design and coding errors in major corporations, thus allowing the organisations to mitigate these risks by addressing identified vulnerabilities. It is hoped that this exercise will encourage banks to take a proactive approach themselves, constantly reviewing their environment and taking practical steps to identify how an attacker may compromise data on their network.

While it is encouraging to see banks undertaking practical tests against their infrastructure, this is a minor step and banks need to look at the bigger risk management picture in order to combat both internal and external threats, says Marc Lee, director EMEA of information security giant Courion. Mr Lee went on to state that threats can come from both inside and outside, as well as from both the physical world and cyberspace. A proportionate, risk-managed approach should be taken, with technical and physical security testing taking place regularly.

This move may also be in the wake of the Target data breach in the US, in which thousands of users' data records were stolen. If an incident such as this were to occur in the UK financial sector, it could have catastrophic impacts on the UK. This move to proactively attack the banks' infrastructure is a giant step forward; however, many security professionals, as stated, are hoping that this will be the start of something bigger.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related.
