Tag: Bank of England

Intros CENTA - that new money smell

Three of the Bank of England's cyber specialists have joined NCC Group to lead a newly established threat assurance unit at the UK-based security consultancy firm.…
Corlytics, the world leader in regulatory risk intelligence, has dug into the Libor enforcement actions globally to better understand the allegations against the Bank of England pressuring banks to submit lower Libor readings during the financial crisi...
Banks 'effectively unregulated on cybersecurity'

It might take a major bank to fail as a result of a cyber attack for meaningful changes in cybersecurity practices, regulation and governance in the UK banking market to be implemented, a leading industry commentator has said. In an interview with Out-Law.com, professor Richard Benham, chairman of the National Cyber Management Centre, expanded on earlier comments he provided to the BBC. He reiterated his view that there will be a run on a bank in 2017 as a result of customers losing confidence in the security of their funds following a cyber attack, and said more formal regulation of cybersecurity is needed in UK banking. Benham said that, despite the existence of Bank of England guidance, the banking industry is currently "effectively unregulated on cybersecurity".

There is a lack of "mandated standards", he said, and these should be put in place. "At the moment there is a tendency to leave banks to manage their own security," Benham said. The Tesco Bank incident, and the attacks carried out via the SWIFT banking system, such as those that affected Bangladesh’s central bank and Ecuadorian bank Banco del Austro, should "serve as a wake up call" to industry over cybersecurity vulnerabilities, he said. However, he said he believes some banks appear too willing to sacrifice an element of security when working on initiatives aimed at enhancing the customer experience, in response to consumers' demand for faster means of transferring money. Citing the greater regulation banks have faced since the "credit crunch" as an example, Benham predicted, though, that "it might take a major failure" of a bank, stemming from a successful cyber attack and subsequent run on the bank as customers seek to withdraw funds, to prompt tighter regulation of cybersecurity of banks by central banks, governments and regulators. Benham said that the Tesco Bank case showed that banks can fall victim to hackers and that leading industry figures admit that, should attacks be successful, it is inevitable customer funds will be stolen. Online-only banks are perhaps more vulnerable to reputational damage, loss of customer confidence and a subsequent run on funds, should a cyber attack knock out their systems, Benham said. High street banks, able to deal with issues in-branch, might be able to better respond to customer concerns and issue refunds quicker in the event they are hit by such an attack, he said. The ability to reassure customers about the security of their funds, and issue refunds speedily, will be vital to a bank should they fall victim to a cyber attack, he said.

Bank customers are likely to show "a degree of apathy" towards a bank's cybersecurity failings if they are promptly refunded for any losses they have sustained, he said. At the moment, the true scale of losses banks suffer from cyber attacks is unknown, Benham said.

This is because banks are able to disguise figures under the generic 'fraud' label, he said. However, he said the forthcoming General Data Protection Regulation (GDPR), with its new data breach notification obligations, is likely to bring a greater number of such attacks to light, as well as more details about their impact. He said it is hard to predict what impact that might have on customer confidence and their eagerness to move money out of accounts. Last month, Andrew Tyrie, chair of the UK parliament's Treasury Select Committee, said the current "lines of responsibility and accountability for reducing cyber threats" in banking "appear to be somewhat opaque".

Tyrie said the UK should consider reorganising its governance of cyber risk in financial services so that there is "a single point of responsibility". Copyright © 2016, Out-Law.com Out-Law.com is part of international law firm Pinsent Masons.
Press Release

CREST joins with Hong Kong Institute of Bankers (HKIB) and Hong Kong Applied Science and Technology Research Institute (ASTRI) to strengthen cybersecurity skills and competence in Hong Kong.

18 November 2016: CREST has announced that it is collaborating with the Hong Kong Institute of Bankers (HKIB) and the Hong Kong Applied Science and Technology Research Institute (ASTRI) to deliver its high-level cybersecurity accreditations and examinations across Hong Kong from December 2016.

CREST provides internationally recognised accreditation for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services.

From December, CREST will be working closely with both HKIB and ASTRI to develop tailored assurance programmes aligned to the needs of the dynamic Hong Kong market.

Rowland Johnson, director of CREST international, commented: “We are delighted to be working together with HKIB and ASTRI to deliver CREST certifications and accreditations in Hong Kong. We have seen a significant increase in cyber-attacks on the financial services sector.

Governments and regulators around the world recognise the importance of developing greater skills to fight cyber-crimes. With increasing demand for penetration testing and red teaming services within Hong Kong, high level CREST certifications give customers the trust and confidence they need when sourcing cybersecurity solutions.”

“CREST certifications have already become the de-facto standard in the UK and Australia; this latest announcement means that CREST will now be able to deliver increased levels of confidence to the buying community in Hong Kong in its fight against cyber-crime,” said Ian Glover, president of CREST. “In partnership with HKIB and ASTRI, CREST seeks to strengthen and professionalise the cybersecurity skills and standards in Hong Kong.”

CREST is a not-for-profit accreditation and certification body that represents and supports the technical information security market.

CREST provides internationally recognised accreditations for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services.

All CREST member companies undergo stringent assessment, while CREST qualified individuals have to pass rigorous professional-level examinations to demonstrate knowledge, skill and competence.

CREST also supports the industry by providing in-depth guidance material and commissioning detailed research projects, all of which are provided to the industry free of charge.

Working alongside the UK’s Bank of England (BoE), government and industry, CREST also developed a framework to deliver controlled, bespoke, intelligence-led cybersecurity tests.
STAR (Simulated Targeted Attack and Response) incorporates penetration testing and threat intelligence services to accurately replicate threats to critical assets.

The STAR tests use Threat Intelligence to deliver these attack simulations to provide assurance that organisations have appropriate countermeasures and responses to detect and prevent cyber-attack.

The STAR scheme is a prerequisite for membership of the BoE CBEST scheme, used to provide assurance to the most critical parts of the UK’s financial services.

CREST accreditations are also supported by comprehensive codes of conduct for both the company and individual.

These codes are used to ensure the quality of the services provided, the integrity of the companies and individuals and adherence to audited policies, processes and procedures.

This provides a significant level of protection for any organisation procuring these types of services.


For media enquiries contact: Allie Andrews, allie@crest-approved.org, +44 (0) 7940 452710

The value of bitcoins plummeted 20 percent after almost 120,000 units of the digital currency were stolen from Bitfinex, a major Bitcoin exchange. The Hong Kong-based exchange said it had discovered a security breach late Tuesday, and has suspended all transactions. “We are investigating the breach to determine what happened, but we know that some of our users have had their Bitcoins stolen. We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up,” said the company on its website. Bitfinex added that it was working with law enforcement to investigate the theft and planned to resume operations despite the hack. It said any settlements for “open margin positions, associated financing, and/or collateral affected by the breach” will be at the market prices as of 18:00 UTC. “We will look at various options to address customer losses later in the investigation,” Bitfinex continued. “While we are halting all operations at this time, we can confirm that the breach was limited to Bitcoin wallets; the other digital tokens traded on Bitfinex are unaffected,” added the company. The news comes just two weeks after the Bank of England warned that Bitcoin is “peppered with flaws” as a currency. According to comments by Zane Tackett, director of community at Bitfinex, on Reddit, a total of 119,756 bitcoins were stolen—at an average value of $650 per Bitcoin, that amounts to more than $77 million.

The hack caused the currency drop as investors sold off their Bitcoin holdings cheaply.

At its lowest following the hack, one bitcoin was worth about $480, but its value has since rallied to about $550. Stealing bitcoins seems to be de rigueur for the fledgling cryptocurrency, and so far hasn't really affected its long-term exchange value. Bitcoin has proven extremely resilient to such turmoil.

Bitcoin crashed in 2013, losing nearly half of its value in six hours; last February it was estimated that hackers had easily stolen $95,000 from poorly secured Bitcoin wallets; and in May, Hacking Team hacker, Phineas Phisher, claimed to have stolen about $11,000 in bitcoins and donated them to Kurdish anticapitalists. This post originated on Ars Technica UK
Thomson Reuters 'working furiously' to secure 2.2 million sensitive records.

World-Check, the terrorist database used by global banks and intelligence agencies, has reportedly leaked online. The mid-2014 version of the database contains some 2.2 million records and is used by 49 of the world's 50 largest banks, along with 300 government and intelligence agencies. The Thomson Reuters database is accused of falsely designating citizens and organisations as terrorists.

Banks have used this data in whole or in part to shutter accounts, effectively locking people out of vast swathes of the global banking system. Established security researcher Chris Vickery found the database and told The Register it is still exposed online after he disclosed its location to Thomson Reuters. "As far as I know, the original location of the leak is still exposed to the public internet," Vickery says. "Thomson Reuters is working feverishly to get it secured." Thomson Reuters says it will provide citizens and organisations information about their designation on individual request.

Alerts are not issued to known contacts of those affected when terrorist designations are assigned, however. A high profile public disclosure of the database beyond the original leak could be reckless: World-Check contains sensitive information on citizens regarding their alleged criminal histories and terrorist links. Thomson Reuters requests that banks and other customers use multiple sources alongside World-Check and requests that the secretive database not be cited in any public decision-making materials. The organisation rejects accusations that World-Check is a controversial service. Inaccurate terror designations were first revealed by the BBC's Radio 4 which gained 30 minutes of access to the database in August 2015 from a disgruntled customer. That program revealed multiple British citizens who had their HSBC bank accounts closed in 2014 without the possibility of appeal, because of what they claimed were incorrect records in World-Check identifying them as having terrorist links. One of those was the account for the UK Finsbury Park Mosque which was described in an HSBC letter as having "fallen outside of HSBC's risk appetite". The Mosque was in years past visited by Al Qaeda operatives, Beslan Siege members, and had convicted terrorist Abu Hamza al-Masri as its imam in 1997. Since that time the Mosque has been run by a group supported by the Metropolitan Police. Sources say HSBC closed on the mosque because it donated money to Palestine during the 2015 Israel-Gaza war. At the same time HSBC shuttered the account of the Cordoba Foundation, a UK think tank which was designated by the United Arab Emirates as a terrorist organisation for its alleged links to the Muslim Brotherhood. The dynamic Muslim Brotherhood movement is a political opponent in the region. HSBC shuttered the accounts of foundation chief executive Anas Altikriti, including his three-decade old personal account, and that of his wife and two teenage children.

The BBC reported finding information in World-Check based on Wikipedia entries, biased blogs, and state-backed news agencies. Vice News also gained access to the World-Check database in February. It found terrorist profiles including the Council on American-Islamic Relations executive director Nihad Awad, who joined former US President George W. Bush in a post 9/11 press conference, and the organisation itself. Former World Bank and Bank of England advisor Mohamed Iqbal Asaria, awarded a Commander of the Order of the British Empire award in 2005, was also listed as a terrorist. Vickery has reported recent large-scale breaches including information on 93 million Mexican voters in April.

The records were exposed thanks to a configuration error in a MongoDB database. He also earlier revealed the exposure of 13 million records of MacKeeper, Zeobit, and Kromtech, and some 1700 records of children from website uKnowKids.