Tag: England

Online information sharing could put corporate finance deals at risk, with cyber criminals potentially targeting major investment banks, corporate executives, advisers and other parties in a bid to glean sensitive financial data, intellectual property...
Private companies that could get access to patients' NHS data under the controversial Care.data programme will not be able to use such data for marketing purposes or to raise insurance premiums. The NHS have said that the scheme will allow primary care data from GP practices to be shared with the new Health and Social Care Information Centre (HSCIC) and clinical care groups (CCGs), and eventually matched with secondary care data, anonymised and shared with clinical researchers. Under the programme, the NHS claims that researchers will only be able to access non-identifiable data collected from health records. But Phil Booth, co-ordinator at patient pressure group medConfidential, claims that the data is not just for the benefit of patient care, but will be used for secondary uses, including potential access by research bodies, information intermediaries, companies, charities and others. "Patients need to be told who is going to have access to their medical information and what for," Booth told Computing. "Broad promises about research benefits are all very well, but the Care.data programme hasn't even received approval to pass data to researchers yet, and you don't see NHS England explaining to patients that it wants all sorts of others - including private companies, think tanks and ‘information intermediaries’ - to have access as well," he added. This could include insurance firms, who would have to get approval to access the HSCIC data, and if approved, then firms will have to pay to extract this information.

Although much of the data to identify patients would be wiped, some may remain, and private companies could link their own datasets to the data and identify patients.

This could, for example, lead to insurers increasing the price of health insurance. However, at the ISCG Open House conference today, the NHS's chief data officer Geraint Lewis has claimed that companies cannot use care.data information for marketing purposes, or for selling insurance premiums. In a statement he said: "NHS England and the HSCIC welcome the increase in public awareness and debate about NHS data usage following the nationwide distribution of the leaflet ‘Better Information Means Better Care’. "It is vital, however, that this debate is based on facts, and that the complexities of how we handle different types of data are properly understood. Patients and their carers should know that no data will be made available for the purposes of selling or administering any kind of insurance and that the NHS and the HSCIC never profit from providing data to outside organisations," he said. Data is to be extracted from GP practices as early as March, but Booth argued that this would be "deeply irresponsible because it risks seriously undermining trust in what the NHS does with people's data". He added that the Care.data leaflets that were sent out to households across the UK - at a cost of £1m - do not clearly tell patients what the programme is, or what patients' options are. "It's clear the public know very little about what is planned for their medical records, and even less about their right to opt out. That your family's medical confidentiality could rest on spotting a single evasively-worded junk mail leaflet makes an absolute mockery of both transparency and of consent."
Police have arrested four suspected cyber criminals and seized £80,000 in cash and a live grenade after the theft of £1m from two banks. The arrests come three months after cyber criminals targeted Barclays and Santander by taking control of branch computers using a keyboard video mouse (KVM) switch. Two 31-year-old men, a 27-year-old woman and a 24-year-old woman were arrested on suspicion of conspiracy to defraud, conspiracy to launder money and possession of an explosive. The men are being held in custody while the women have been bailed until early next year. The arrests and seizures followed raids on properties in Enfield and Islington, in north London, by the Metropolitan Police’s cyber crime unit (MPCCU). Detectives from the unit are investigating the thefts linked to malicious software inadvertently downloaded by customers of the banks. The malware downloads were triggered by opening emails that appeared to be from the targeted banks. The malware enabled criminals to transfer a total of £1m to a series of other accounts, to be laundered and withdrawn as cash, police said. “These arrests by the Met's cybercrime unit follow an investigation into what we suspect is international and organised crime targeting a number of bank customers in London and across the UK,” said detective chief inspector Jason Tunn of the MPCCU. “The victims have been hoodwinked by malware-carrying emails purporting to be from their banks, and subsequently had money taken from their accounts,” he said. Police recovered several computers, smartphones and other media devices, as well as luxury goods in the co-ordinated raids. The MPCCU has asked several banks to freeze a number of accounts linked to the investigation. The National Audit Office estimates that cybercrime costs Britain £18bn to £27bn every year. Cyber security firm Check Point said bank customers must watch out for emails that appear to have been sent by their bank and contain links to websites or attachments.
“In late 2012, the Eurograbber attack siphoned £30m from bank accounts in Europe using sophisticated malware that infected users’ PCs from emails,” said Keith Bird, Check Point’s UK managing director. “These attacks are complex and stealthy, and exploit customers’ trust,” he said. Bird warned users of online banking facilities should be wary of any emails containing links or attachments, and advised them to keep anti-virus software up to date and install a personal firewall. There is growing international concern about the safety of financial markets in the face of increasingly sophisticated cyber attacks. In September, Scott Borg, chief of the US Cyber Consequences Unit, said he believed manipulation of international financial markets will be the next evolution of cyber crime. In November, UK banks and financial institutions took part in Operation Waking Shark 2, which was designed to simulate a major cyber attack on the payments and markets systems. The test was monitored by the Bank of England, Treasury and Financial Conduct Authority who are due to publish a report on the ability of the UK’s core financial services providers to withstand cyber attacks.
Hundreds of flights at several UK airports were delayed or cancelled at the weekend because of a computer failure at National Air Traffic Services (NATS). The UK air traffic controller said the failure of the computer system enabling ground communications between air traffic controllers in the UK and Europe had been resolved by Saturday evening. However, the knock-on effects of the failure resulted in the cancellation of 18 flights at London’s Heathrow airport on Sunday after 228 flights were cancelled the day before, according to the Financial Times. Gatwick, the UK’s second largest airport, said about 20% of its early morning flights had been delayed because of the air traffic control problem. On Saturday, the computer failure at NATS in Swanwick also affected flights at Stansted, Birmingham, Southampton, Cardiff and Glasgow. NATS said the reduction in capacity has had a disproportionate effect on southern England because it is an “extremely complex and busy airspace”. NATS apologised for the computer failure, but said that contingency measures implemented on Saturday had enabled it to support 90% of normal Saturday flights. “This has been a major challenge for our engineering team and for the manufacturer, who has worked closely with us to ensure this complex problem was resolved as quickly as possible while maintaining a safe service,” NATS said in a statement. NATS has not released any more details, but a spokeswoman told Computer Weekly that more technical detail would be provided as and when it was available.
Two senators say Huawei's participation in a South Korean networking project raises security concerns in the United States. Giant Chinese tech vendor Huawei Technologies continues to find itself in the middle of a global debate over cyber-security and espionage. U.S. lawmakers this week have expressed concerns about Huawei's deal to supply broadband equipment for a project that will build a next-generation network in Seoul, the capital of U.S. ally South Korea.

At the same time, England officials have provisionally cleared Huawei to run a cyber-security facility in the country, as long as the company agrees to tighter security policies. All this came the same week that Huawei's founder and CEO, Ren Zhengfei, said the company is no longer interested in selling telecommunications equipment in the United States, where for years lawmakers and regulators have voiced concerns that Huawei's close ties to the Chinese government make it a security risk. They worry that Huawei's telecom equipment—including networking hardware like switches and routers—could include back doors that would give the Chinese government access to U.S. networks and sensitive data, and could become a launching pad for cyber-attacks.

A congressional report in October 2012 reiterated those concerns and cautioned U.S. telecoms about buying Huawei and ZTE equipment. CEO Zhengfei and other Huawei executives said the company would continue to sell other products—from smartphones to servers and storage appliances—in the United States. "Our go-to-market strategy in the U.S. for the enterprise business remains unchanged, and we are fully behind our customers, partners and channels," Jane Li, chief operating officer of Huawei Enterprise USA, told eWEEK. In South Korea, mobile carrier LG Uplus has put Huawei on its list of equipment providers for its fourth-generation network.

The list reportedly already includes Ericsson, Samsung and Nokia. However, U.S. lawmakers are concerned about the move.

The United States has an extensive security agreement with South Korea, which currently hosts about 28,000 U.S. troops, stationed there to help protect the country against North Korea. In a Nov. 27 letter to the Obama Administration, Sen. Robert Menendez (D-N.J.), chairman of the Senate Foreign Relations Committee, and Sen. Dianne Feinstein (D-Calif.), chairwoman of the Senate Intelligence Committee, asked the president to warn South Korean officials about the risks. "Maintaining the integrity of telecommunications infrastructure is critical to the operational effectiveness of this important security alliance," the lawmakers said in the letter sent to Secretary of Defense Chuck Hagel, Secretary of State John Kerry and James Clapper, Obama's director of national intelligence, according to Reuters.

The letter also called for an "assessment of the potential threats" of Huawei's role in South Korea. Executives for Huawei and ZTE, as well as Chinese government officials, have denied allegations from U.S. lawmakers that the Chinese companies pose any kind of security threat to the United States.

They have argued that there are no close ties between the companies and the government, and that they would welcome scrutiny of their products.

In the wake of the senators' letter to U.S. officials, Huawei and government officials again pushed back. "Our gear is world-proven and trusted, connecting almost one-third of the world’s population," Scott Sykes, a spokesman for Huawei, told Bloomberg. "The motivations of those that might groundlessly purport otherwise are puzzling." Chinese Foreign Ministry spokesman Hong Lei told reporters that Huawei and other Chinese companies, when operating overseas, obey the laws and regulations of those other countries. "We hope that relevant countries can look upon the commercial activities that Huawei and other Chinese enterprises engage in abroad fairly and impartially, and refrain from politicizing this issue at every turn," he said, according to Reuters.
The secretary for work and pensions has admitted the Universal Credit benefit scheme will miss its 2017 deadline. The Department for Work and Pensions (DWP) has said some benefits claimants will not be moved on to the reformed Universal Credit system by its 2017 deadline. Secretary for work and pensions, Iain Duncan Smith, said in an interview with the BBC that people receiving Employment Support Allowance may not be transferred in time. He said this group may take longer to transfer because project manager, Howard Shiplee, may wish to take more time with the vulnerable group. The government estimates around 700,000 people in this group will be moved over to Universal Credit after the 2017 deadline. But the Department for Work and Pensions said between 6.5 and 7 million claimants will be on the new system by 2017. A statement from the DWP said: “Most of the existing benefit claimants will be moved over to Universal Credit during 2016 and 2017. Decisions on the later stages of Universal Credit roll-out will also be informed by the completion of the enhanced IT, and these decisions will determine the final details for how people transition to the new benefit.” This announcement came only hours before the chancellor’s Autumn Statement speech. The welfare reform IT programme will replace six existing benefit and tax credit systems with a single system, but has so far been plagued with problems. Ministers are considering abandoning much or even all of the £303m of work developed so far after serious shortcomings, including a lack of security and fraud protection, and functional limitations such as claimants being unable to amend details online. The IT behind Universal Credit was slammed in recent months in highly critical reports by the National Audit Office and Public Accounts Committee.
Some £34m of work has already been written off, with suggestions that as much as £140m could yet be scrapped – or even that the whole system will eventually be thrown away and a new one developed from scratch. The DWP today outlined the next stage of delivery of the programme, which focuses on a “safe and secure roll-out". In July, the director general of the government’s Universal Credit programme denied problems with the IT platform, but said plans were being put into action to work with the Government Digital Service (GDS) to ensure the system kept up to date with changes in technology. Today, the department confirmed it will further develop this work with a view to rolling it out after completing testing.

While the system is live in seven areas, it said this will increase to 10 by spring 2014. Following this the DWP plans to include multiple claims from couples and families in this area, before expanding to cover more of the north-west of England. The department will expand the system as it is developed to allow a better understanding of how people will use it. The DWP said this "also allows higher volumes of people to benefit from the better work incentives that come with the new benefit. Importantly, this approach will still allow the Universal Credit programme to roll out within the original budget.”
A quarter of UK banks see operational risk as one of the main threats to UK financial stability and over half of these banks said that cyber attacks are a threat following several attacks, according to the Bank of England. In its Financial Stability Report, November 2013, which looked at the second half of this year, the Bank of England revealed that over half of the 25% of banks that perceive operational risk as a threat believe cyber attack is a major risk.

This compares to the first half of the year when about 23% of banks saw operational risk as a threat and only 6% cited cyber attacks. The steep increase follows a number of attacks this year. “In the past six months, several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services.

While losses have been small relative to UK banks’ operational risk capital requirements, they have revealed vulnerabilities.

If these vulnerabilities were exploited to disrupt services, then the cost to the financial system could be significant and borne by a large number of institutions,” said the report. Peter Armstrong, director of cyber security at Thales UK, said the combination of high interconnectedness, reliance on centralised market infrastructure and complex legacy IT systems are leaving our banks vulnerable to cyber attacks. He said: “A holistic approach that is designed to tightly integrate cyber defences with processes, people and physical measures is crucial to ensure financial organisations are protected against the latest evolution of threat and attack vectors. "Banks must make more effort to retrain or re-skill their employees. Much more emphasis should be placed on retention of soft skills, IP, organisational culture, the evolution of internal security policies and knowledge of legacy systems. "Greater collaboration on cyber issues should also lead to an improvement in cyber awareness and continuous policy evaluation and adaptation, particularly as external attacks multiply faster than legacy IT security solutions can currently keep up with.”
Companies must reassess IT procurement to enable them to do business with smaller firms, if they wish to ride the innovation curve, says Gartner. Early indications from Gartner's CIO survey of 2000 senior IT executives point to a shift in supplier relationship management. In the survey, 68% of the people asked said they would change their IT providers, while a quarter said they would go with smaller suppliers. Almost half (46%) said they would work with new partners while 26% said they were looking to diversify, from a supplier management perspective. The findings could point to a shift in how IT sees itself within business. But traditional approaches to risk management – which have become common practice in IT to ensure value for money and put checks and balances to verify the supplier's business viability – are a barrier for small entrants. As Computer Weekly has previously reported, in spite of the UK government's stated policy to attract smaller suppliers, the tender process is still seen as too complex and costly, precluding some small suppliers from participating. SMEs need expensive, CESG-approved consultants to understand the language and processes and access some of the required information and CESG-approved contractors to carry out the IT health checks required to prove their IT services.

Working with small IT suppliers

Working with smaller suppliers was one of the hot topics at this year's Gartner Symposium in Barcelona. Speaking at a seminar at the Gartner Symposium, Kevin Griffin, CIO of GE Capital, said: "We are very good at managing big vendors. We now have a more enlightened view of suppliers. Partnering is key. We have to change mindset, and work with nimbler companies to deliver solutions." David Speirs, CIO of newspaper distributor Menzies Distribution, said the company took three years to implement an SAP system, which presented one version of the truth.

He said: "We spent the last few years stabilising the platform." Now that it has been delivered, he said, the company is ready to move forward with an innovation strategy. "We are dealing a lot more with startups. We are using them a lot more than before because they have fresh ideas." But in large organisations and government, supplier risk assessment and regulatory compliance can hamper a CIO's ability to work with smaller IT firms. John Finch, CIO of the Bank of England, said: "Big suppliers are not able to innovate at the speed we need, but the purchasing supply chain can be a deterrent to smaller businesses." This change in how CIOs view smaller IT firms reflects a change in priority for IT people.

Moving away from the industrialisation of IT

Gartner fellow Dave Aron said: "We have spent the last 10 years industrialising core IT.

Now is the time to innovate again." The shift involves a move for IT away from being responsible for keeping the back office running, locking down systems and protecting the company's intellectual property through IT security policies, to being open to ideas. The survey found that half of CIOs have split the IT function into two-speed IT organisations, with one part focusing on traditional IT while the other looks at innovation. While larger firms are providing core IT functionality such as systems of record and the infrastructure behind these systems, Gartner sees a need for IT departments to focus on IT systems that enable the business to differentiate and innovate. For instance, at UNHCR (UN Refugee Agency), CIO Naginder Kaur Dhanoa runs a virtual innovation team alongside the core IT function. She said: "We take in people from [our] field office, not just the head office and reward people if they come up with ideas for innovation." According to Dhanoa, people are motivated because they are able to chip in their ideas. However, only 19% of CIOs, according to Gartner, said that they have the right skills within their department to support innovation and agility. Some CIOs believe the major suppliers are unable to provide everything they need in terms of the systems of differentiation and innovation. Speaking to Computer in November, McKinsey & Company CIO, Mike Wright said: "It’s much harder to have a debate with [a larger company’s] technologist.

They need to ensure they are sensible, and don’t say anything inappropriate, which is good in some ways, but I also don’t think that’s how you find real expertise." Gartner's findings show that IT departments are prepared to consider smaller companies to inject innovation into the IT organisation. In fact, 45% of the CIOs who participated in the Gartner study said they are turning to startups and less established companies for products and services.
UK banks have been participating in a simulated cyber attack run by the Bank of England in a bid to test their defences. Called Operation Waking Shark II, it followed a similar initiative two years ago and focused on investment banking operations, the cash machine network, a potential liquidity squeeze and the likely fallout across social media. In addition to the Bank of England, the Treasury, Financial Conduct Authority and staff at various financial institutions – including High Street banks – were involved. "Waking Shark II will bombard firms with a series of announcements and scenarios, such as how a major attack on computer systems might hit stock exchanges and unfold on social media. It will be co-ordinated from a single room housing regulators, government officials and staff from banks and other financial firms," according to Reuters. The March 2011 event, according to Reuters, "involved 'a concerted cyber attack upon the financial sector' that disrupted wholesale and retail payments and online services, and included more than 3,500 people, according to an evaluation published the next year." It was a much smaller operation, held in the auditorium of Credit Suisse at Canary Wharf. The Financial Policy Committee of the Bank of England in September mandated that the financial services industry must "ensure that there [is] a concrete plan in place to deliver a high level of protection against cyber attacks for each institution at the core of the financial system, including banks and infrastructure providers, recognising the need to adapt to evolving threats." The exercise, though, was criticised for not covering physical threats, such as the recent attacks on branches of Santander and Barclays in which the attackers attached keystroke logging devices to PCs after tricking their way into the branches. 
It also failed to address the kind of social engineering aspect of many attacks in which attackers – whether insiders or outsiders – persuade staff to divulge login details. For example, US National Security Agency whistleblower Edward Snowden scooped up colleagues' login and password details by claiming he needed them to perform his systems administrator role.
The decisions taken by the financial and economic wizards whose jobs involve keeping the UK economy on track are underpinned by data and analytics from the Bank of England. Computer Weekly speaks to the bank's new CIO about the IT challenges and opportunities. John Finch has been CIO of the Bank of England since September 2013. Previously he worked at Experian. “It has been a huge opportunity coming to the Bank of England," he says, "to gain a different set of experiences and meet a different group of people." The Bank of England is considered a very traditional organisation. From an IT point of view, Finch says it is "conservative from an appetite for risk perspective, which is different to the private sector". That said, he says the Bank of England has made significant investment in analytics to capture data for making fiscal policy decisions: "Analytics is a major part of what we do. In some cases we capture data that is fed into clever econometric models run by economists. But there are also standard off-the-shelf analytics tools to provide time-series data and trend analysis. "We have some deeply analytical systems that capture data to provide intelligence to the people who look at the bank, the economy, and to make interest rates decisions." Along with the responsibility for supporting the analytics behind fiscal policy, IT at the Bank of England also covers traditional banking functions such as high-volume transaction systems. It runs the critical national infrastructure for the clearing of intra-bank payments. "The bank is quite active on the exchange markets, the money markets and the guilds markets because it does a lot of the banking for government," he says.

Challenges for IT in banking

Clearing and commercial banks are massive organisations that have grown through acquisitions, with all of the complications of using different suites of systems, and have a diverse and ageing technology stack.
As a consequence, Finch says a lot of stress is placed on the technology and the banks have huge sets of requirements from their businesses, such as when retail banks release new products.  On top of these challenges, he says there is also increasing compliance, legislation and oversight due to the credit meltdown, all of which affect IT. New government policy, such as the Help to Buy programme for getting people on the property ladder, means banks need a new mortgage product.

The mortgage systems have to take into account the new way the deposit threshold is calculated. "These are very difficult [IT] environments for the tech people in the banking industry," says Finch. Banking, like many industries, relies heavily on legacy systems. "People have never been able to go back and rework their legacy systems," the CIO says, pointing out that the main reason is the pace of change. "They are growing and need to focus on new areas." During the recent Gartner Symposium in Barcelona, one of the hot topics discussed was two-speed IT, where the IT department splits off innovation from core operations. Finch says the Bank of England clearing system is one such core IT system – it must remain 100% available, so there is little room for a Google-like approach to innovating, which encourages free thinking and allows projects to fail. But he sees an opportunity for innovation in other areas of IT. Finch believes the concept of a digital social enterprise could benefit the Bank of England. "Now that we have good intranet knowledge management technologies, organisations are starting to coalesce around content," he says.

A user could create a document and tag it, and another user can then be alerted, as in a Twitter stream, when the document has been published or updated. "It is kind of like an internal Facebook with a knowledge enterprise tied in with mobility." For the Bank of England, such a system could enhance records management. "The digital strategy going forward will lay on social distribution of documents where you can tag a document and comment on it," says Finch.

The changing role of the CIO

The role of CIO at the Bank of England is primarily to look after the real-time systems that make up the UK's payments infrastructure. "There is an element of the role in making sure these systems run well, and that they are secure and protected.

The CIO role also covers cyber security to protect commercially sensitive information that the Bank of England holds," says Finch.  The UK economy could be disrupted if such information were to be leaked before it was officially announced. Another key aspect of the CIO role is to develop an information and data strategy to determine how the Bank of England will capture data going forward.  "A hundred years ago people would have captured data manually. But with more information online, and from different sources, the bank [needs to find a way to] make use of this new [digital] data." For Finch, the most important part of the role is leading and energising the team of 450 permanent IT staff at the Bank of England and developing talent. "As the remit of the bank changes, we want to be in a position to develop and support the business," he says. "A lot of the folks in my team genuinely want to do the right thing for the good of society and the economy.

A lot of people who work here do the job out of a sense of public duty to create a stable banking system.

A really critical part of my role as CIO is to be able to provide a great environment for the team to develop their careers," says Finch.

Security experts have welcomed the most extensive cyber threat exercise in two years to test the preparedness of the financial infrastructure to withstand a sustained cyber attack. In a similar move, New York staged Quantum Dawn 2 in July 2013 to simulate how firms would cope with a cyber attack in markets. On 12 November 2013, Operation Waking Shark 2 will test thousands of staff at London’s major financial institutions with a simulated cyber attack on systems on which the UK’s financial system depends. The Bank of England, the Treasury and the Financial Conduct Authority will monitor responses to assess the ability of the UK’s core financial services providers to withstand cyber attacks. The exercise is designed to test the resilience of UK banks, the stock market and payment providers to identify areas where improvement is needed. Simulations are likely to test how banks ensure the availability of cash from ATM machines; how they deal with a liquidity squeeze in the wholesale market; and how well firms communicate with authorities and each other, with a particular focus on investment banking operations, according to Reuters. The seventh financial sector cyber exercise by UK authorities comes amid growing international concern about the safety of financial markets in the face of increasingly sophisticated cyber attacks. In September 2013, Scott Borg, chief of the US Cyber Consequences Unit, said he believed manipulation of international financial markets will be the next evolution of cyber crime. A recent report from the Treasury said the financial system had a number of potential vulnerabilities, reflecting its high degree of interconnectedness, its reliance on centralised market infrastructure and complex legacy IT systems. In the light of the report, the Bank of England’s Financial Policy Committee (FPC) has given banks and organisations core to the financial system six months to outline their strategies to protect against potential cyber attacks. 
Banks are increasingly being targeted by criminals who target financial systems. In September, Barclays and Santander were targeted by cyber criminals using a keyboard video mouse (KVM) switch to gain remote control of bank computers. The Santander attempt was foiled, but £1.3m was transferred out of accounts at Barclays before police tracked down the gang.

Multi-channel complexity

“It is vitally important that cyber security tops the priority list for IT departments in the UK’s financial service organisations – so the news that capabilities in the UK will be tested is welcome,” said Dorian Wiskow, client managing director, financial services, Fujitsu UK & Ireland. “Not only are banks operating with legacy systems that in some cases have been in existence for many years, it is also a sector where innovation across new banking channels, such as online and mobile, is creating complex multi-channel IT infrastructures,” he said. According to Wiskow, CIOs in the banking industry are facing the difficult challenge of securing multi-channel environments, while ensuring customer experience does not suffer. “What is paramount here is that the industry does not overlook or get complacent about security or place it in the ‘too big to fix’ category,” he said. Barry Shteiman, director of security strategy at Imperva, also welcomed the exercise, saying it shows authorities realise that the threat is real, is growing, and is a risk for the UK financial industry.

Contingency plans

He said it was important to have a committee planning security controls, cyber attack response steps and a high-level protection plan. “This means that the different financial cyber security heads in the UK can join forces to strategically plan how to mitigate potential cyber threats.

This is threat intelligence in its simplest and most effective form,” said Shteiman. This also means that the government will potentially have a way to regulate and measure the cyber security state based on an educated study of best practices, he said, which will lead to financial information and estates being secured in a much more focused way. “This is what the PCI Data Security Standard (PCI DSS) has done with credit card companies and clearing houses to lower the risk of a breach. It had an important effect in making sure that every business that wishes to keep credit card information or transact in high volumes, is required to secure itself or be fined,” said Shteiman. Adrian Culley, ex-Detective with Scotland Yard's cyber crime unit and global technical consultant at security firm Damballa said banks face advanced threats on a daily basis and often face challenges in dealing with these effectively. “Early detection and containment is paramount, because the fact is that these are complex systems and threats are designed to bypass even the most secure networks.

The threat will remain diverse, blended and sophisticated. So must the response,” he said.

Network breach

Geoff Webb, director, solution strategy at security firm NetIQ, said that while it is good to see banks preparing for cyber attacks, they need to recognise that they are already likely to have been breached. “It might sound alarmist, but given that no firewall can guarantee to keep out all intruders, banks have to assume that cyber criminals are already inside their network,” he said. According to Webb, the skill of modern cyber criminals lies in the fact that they can be almost indistinguishable from genuine employees. “Once inside an organisation’s perimeter they immediately aim to elevate their own authorisation levels to those of a privileged employee, using that clearance to steal valuable information,” he said. For this reason, Webb said talking about inside and outside threats to banking security is an increasingly outdated way of thinking. “Banks have to assume that they have already been breached and as a result need to act accordingly. Operation Waking Shark 2 helps banks to prepare for the external attacks that are happening on a regular basis, but banks need to address the fact that they are likely to have hackers inside their organisation already by monitoring who accesses what and when, looking for tell-tale signs of hacker activity,” he said. A report on the outcome of Operation Waking Shark 2 is expected to be released either in December 2013 or early in 2014.

A GP has voiced her concerns about the NHS's controversial new system for collecting and analysing data, Care.data, questioning why the health service needs to obtain so much data from the UK's citizens. Dr. Jane Lothian, GP and medical secretary at Northumberland Local Media Committee (LMC), told Computing that while the Summary Care Record programme was just about justified, the amount of information that NHS England now wants to obtain in its Care.data programme seems excessive. The Summary Care Record contains information about the medicines patients take, allergies they suffer from and any bad reactions to medicines they have had. Care.data is far wider reaching, and Lothian believes this could be inappropriate, even if it is anonymised as the NHS claims it is, particularly because there hasn't been clarity on the secondary use of that data by third parties. "Everything will be coded; the better the practice, the more they will code the data, so some practices might even code the narrative, so it gives the Health and Social Care Information Centre (HSCIC) a lot of information. It's all OK if it's going to be used for public health planning, but there have been suggestions that the data might be accessible to third parties," she said. Sensitive data on patients would also be obtained, and Lothian believes that even with measures in place to anonymise data, certain patients' records could be identifiable. "Does everyone want to release diagnoses of sexually transmitted diseases, sexual function problems, mental health problems, and very detailed drug lists?" she asked.
"[The LMC] has always accepted and encouraged the use of data for planning health care, but the extraction for potentially identifiable information - and I know the NHS has said that there are many layers of anonymisation, which I believe, but it is just a very big change from the medication and allergies in the Summary Care records, to the whole of somebody's medical records - you just wonder why so much detail is needed," she said. Lothian did however welcome the NHS's decision to splash out £1m in sending out leaflets to householders to explain the plan. NHS England had initially told Computing that GPs were to raise awareness on their own. "As GP practices, we are much happier that information-giving will be taken out of our hands, and for something as big as this, it shouldn't be done on a local level anyway," she said.