19 October 2015
Imagine you work at a bank or other financial institution. You’re in the office one day and you open up an email. Why not? It’s something most of us tend to do a lot.
Only this time your simple mouse click unleashes an alarming chain of events.
With that nonchalant push of your finger you unwittingly allow a hacker into your bank’s systems.
Then, before anybody is any the wiser, the hacker has created an admin account and swiftly retrieved tens of thousands of credit card numbers from a database.
After which they are more or less free to plunder funds at will.
But don’t despair because you might also want to imagine yourself breathing a sigh of relief when you discover that the hacker is actually one of the good guys. What he or she has just executed is known as an ‘ethical hack’.
Ethical hacking is a security service designed to test the exposure of organisations to cyber-attacks.
Recently, BT launched Assure Ethical Hacking for Finance, a new service geared specifically to retail banks, investment banks and insurance companies.
The wealth of valuable and sensitive personal data held by financial organisations makes them among the most attractive targets for malicious hackers and cyber-criminals.
This risk has intensified in recent years as more and more retail financial services move online and electronic trading is on the rise.
With its Assure Ethical Hacking for Finance service, BT is helping financial firms to mitigate the risk by finding vulnerabilities before malicious hackers do.
The service uses mature methodologies that mimic those of ‘black hats’ or malicious attackers to provide a range of tests targeted at the various entry points to a bank’s IT systems as well as perceived ‘weak points’ of an organisation. These include phishing scams, mobile devices and hardware from laptops to printers, internal and external networks, databases and complex enterprise resource planning systems.
BT not only tests and verifies systems that can access the network but also checks for risks of human failure, for example by using social engineering to test how employees are applying the policies in place.
Assure ‘Ethical Hacking for Finance’ will enable BT to use CREST certified Simulated Targeted Attack and Response (STAR) services to help financial services firms to develop the most robust security solutions, making sure sensitive customer data remains secure.
Mark Hughes, chief executive of BT Security, said: “The prospect of accessing confidential financial information is a powerful lure for hackers so few companies attract as much online criminal attention as banks. We encourage all financial institutions to put themselves through a rigorous series of cyber-security simulations, whereby our ethical hacking consultants push the cyber defences of financial institutions to the limit