Operation: Resilient Shield. Attack Simulation on Critical Banking Infrastructure
Skybox Blog Team Nov 19, 2015
In mid-November, US and UK banks waged war on cyber attackers in an effort to prevent massive data breaches and block exploitable vulnerabilities. Luckily, they were waging a war against themselves.
In a joint exercise dubbed “Resilient Shield” the US and UK governments and the major banks they support gathered a team of security experts and hackers to launch their assault. The war games focused on the communications paths across critical networks and attempted to infiltrate and exploit vulnerabilities in them.
Participating institutions hope to gain visibility into unknown or unresolved security gaps in their infrastructure and fix them before they can be exploited more broadly by someone far more nefarious than their own staff.
The exercise by the Bank of England and governments comes hot on the heels of the TalkTalk data breach in the UK, where millions of customer records and personally identifiable information were compromised by a group of four young men. The attack showcased how easily lax security can be exploited, resulting in a huge data breach that places the identities of your customers and the reputation of your company on the line.
While a telecom company’s data is incredibly sensitive in nature, a major concern for global financial services is the network infrastructure that supports everyday commerce between the world’s largest banking institutions. The fallout from a compromised financial system could result in millions of dollars in fines on the institutions, customer data being leaked or sold on the black market, and critical financial services grinding to a halt.
Other industries and enterprises are taking note. With the constant threat of cyberattacks, more organizations worldwide are proactively monitoring their critical infrastructure. Some organizations are using internal staff and contracted hackers to set up their own war games, attempting to break through their firewalls and security measures.
Another more scalable and comprehensive option is to employ software-based attack simulation applications to get insight and intelligence on various ways a malicious attacker could gain access to their internal networks. These platforms can model your network to see all ways an attacker can get in—whether through software vulnerabilities, misconfigured firewalls, or simple human error—as well as provide remediation options and prioritization for the most critical issues.
Using an attack simulation platform or even waging an all-out war on your own network can help reveal gaps and fortify areas of concern. And the time it takes to gain control of the integrity of your infrastructure isn’t long. With a vulnerability and threat management platform, companies have the ability to simulate attacks on a daily basis without dedicated hacking teams. Security teams can use a platform like Skybox to get total visibility of their entire network infrastructure, allowing security professionals to adequately understand the areas where they are susceptible to attacks and how to defend against them.