- KPMG comments ahead of the 'war games' exercise carried out by financial firms to test how well they handle a major cyber attack
Thousands of staff at a number of financial firms in London are taking part in 'war games' exercise to test how well they can handle a major cyber attack. As part of the test, the firms will be bombarded with messages and placed in certain scenarios. Simulations will include how banks ensure cash remains available via their ATM networks, how they deal with a liquidity squeeze in the wholesale market and how they communicate and coordinate with each other and the authorities.
Speaking ahead of the test, Stephen Bonner, a partner in KPMG’s Information Protection & Business Resilience team says: “The world’s largest companies have been targeted over recent months by increasingly sophisticated hackers. It is now not just a lone hacker sitting in their bedroom but, in many cases, serious organisations backed by the resources of nation states who are leading the charge.
“Incidents which involve the loss or theft of commercial rather than personal data often go largely unreported. Hacking is now widespread and the attackers range from the intellectually curious through to sophisticated nation states, the targets range from safety-critical processing systems through to price sensitive deal data.
“Regulators and companies are increasingly concerned about the threat of cyber attacks on the banking system so this is a great initiative for all involved to work collectively together to test our national defences against sophisticated attacks. This is a good opportunity to iron out any flaws now, before our cyber defences are tested in anger."
Bonner concludes: “The test will shine a light on our defences, and that is helpful not just for banks but for business in general. Cyber security failures not only impact business in monetary terms but also in the loss of intellectual property and more importantly, trust.”
A recent review by KPMG of the cyber security of non-financial company websites flagged up a range of cyber security concerns, including:
- Vulnerable web servers – corporate websites supported by out-of-date and potentially vulnerable technologies
- Sensitive information which could provide attackers with background on network users, email addresses and corporate intranet configurations
- These weaknesses add to the large amount of information available to hackers from social networks and public sources, all of which helps target sophisticated attack campaigns.
Companies can do a lot to make the attacker's life more difficult, including:
- Reviewing the amount of data leaked online and through public web sites. These are easy targets for hackers
- Ensuring internet-facing systems are kept fully patched and updated
- Educating everyone within the organisation about the value and sensitivity of the information they possess and how they can protect it
- Backing up employee training with sensible cyber security measures and a corporate culture that takes security seriously
Nahidur Rahman, KPMG Press Office
020 7694 8812 (t) or firstname.lastname@example.org
Mike Petrook, KPMG Press Office
020 7311 5271 (t), 07917 384 576 (m) or email@example.com
Notes to Editors:
KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with over 12,000 partners and staff. The UK firm recorded a turnover of £1.8 billion in the year ended September 2012. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. We operate in 156 countries and have 152,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. KPMG International provides no client services.