Skip to content


  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page

Waking Shark in second attack on UK banks


Tim Ring

SC Magazine

10 October 2013



PA is extensively quoted in a news article on stress-testing the security of UK banks and online payment systems by using Operation Waking Shark 2 – the project name for this simulated cyber-attack.

PA explains the logic for Waking Shark 2: “It's fine to have a plan - but if it's never been tested, then how much confidence can you actually draw from it? It's one thing to submit a report, it's another thing to have a plan that's been robustly tested.”

PA feels that the war-game exercise “will be as lifelike as possible” and will enable the banks and credit card companies to test their defences and draw insights. He also believes the simulation is unlikely to risk using live customer data or to take any bank's systems offline.

“The focus of the stress-test is likely to be the banks' biggest area of vulnerability – their mobile and online payments systems.

“Banks nowadays are processing far more online and mobile transactions than they ever were, so the likelihood of any instance of fraud or any threat to their security is likely to come through that channel, rather than some sort of breach in a branch."

PA adds that if someone tried to bring down the banking system or tried to disable payments for a period of time either to cause havoc or because they wanted to send a message doesn’t necessarily mean they want to commit fraud. It might just be because there’s a political motivation.

PA explains that the latest test marks an attempt by the Bank of England, under new Governor Mark Carney, to show it is providing proper oversight and assurance around what's going on in the financial services industry,

“You've got a massive shift towards online and mobile banking which is only getting greater and so more transactions are happening there therefore more value is stored up in those channels, therefore if a threat materialises in those channels it's going to be more substantial.

“The sorts of threats that they need to mitigate against are a completely different set to the ones that the regulation was designed to stop maybe 10 years ago.”

PA concludes by highlighting the theft of £1.3 million from a Barclays Bank branch in London earlier this year using a KVM (keyboard video mouse) device and explaining that this was a much more isolated and individual threat.    


Contact the financial services team

By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.