Bank of England turns to 'ethical hackers' to fix financial sector security

Vault
Bank of England invites hackers to test its network vaults

Bank of England is hiring white hat (or "ethical") hackers as part of proactive measures to test and improve the resilience of networks behind 20 of the UK's biggest banks and financial services.

The move, hailed as "groundbreaking" by sources cited by the Financial Times, will see the bank oversee a programme of "ethical hacking" designed to improve computer security in the financial sector.

Bank of England will hire specialists from approved companies with Crest certification, who will perform penetration testing to look for vulnerabilities that might be exploited by unscrupulous cyber criminals.

Proactive protection

The announcement follows an event in 2013 called Waking Shark II, which saw 220 hackers and 20 institutions, providers and government agencies rehearse a scenario where the entire banking sector is subjected to a major hacking incident.

The Bank of England plans have already been piloted, according to the sources. It is expected that major players like the Royal Bank of Scotland and London Stock Exchange will be taking part.

"For cyber criminals, British banks are without doubt becoming the crème de la crème of targets. Home to such valuable confidential data, banks are facing continuous, persistent attacks from outsiders, which puts huge amounts of pressure on them to have the strongest defences in place – a difficult task when faced with a constantly evolving threat landscape," said Ross Brewer, VP and MD for international markets at LogRhythm.

"Following hot on the heels of Waking Shark II, it's encouraging to see the banks continue to take proactive steps to protect both their own and their customers' data – even if the involvement of hackers may raise some questions."