PA is extensively quoted in a news article on stress-testing the security of UK banks and online payment systems by using Operation Waking Shark 2 – the project name for this simulated cyber-attack.
PA explains the logic for Waking Shark 2: “It's fine to have a plan - but if it's never been tested, then how much confidence can you actually draw from it? It's one thing to submit a report, it's another thing to have a plan that's been robustly tested.”
PA feels that the war-game exercise “will be as lifelike as possible” and will enable the banks and credit card companies to test their defences and draw insights. He also believes the simulation is unlikely to risk using live customer data or to take any bank's systems offline.
“The focus of the stress-test is likely to be the banks' biggest area of vulnerability – their mobile and online payments systems.
“Banks nowadays are processing far more online and mobile transactions than they ever were, so the likelihood of any instance of fraud or any threat to their security is likely to come through that channel, rather than some sort of breach in a branch.”
PA adds that an attempt to bring down the banking system or to disable payments for a period of time, whether to cause havoc or to send a message, doesn’t necessarily mean the attacker wants to commit fraud. The motivation might simply be political.
PA explains that the latest test marks an attempt by the Bank of England, under new Governor Mark Carney, to show it is providing proper oversight and assurance around what's going on in the financial services industry.
“You've got a massive shift towards online and mobile banking which is only getting greater and so more transactions are happening there therefore more value is stored up in those channels, therefore if a threat materialises in those channels it's going to be more substantial.
“The sorts of threats that they need to mitigate against are a completely different set to the ones that the regulation was designed to stop maybe 10 years ago.”
PA concludes by highlighting the theft of £1.3 million from a Barclays Bank branch in London earlier this year using a KVM (keyboard video mouse) device and explaining that this was a much more isolated and individual threat.