Global telecoms and services giant BT has launched its first ethical hacking service for financial institutions, backed by non-profit information assurance body CREST.
Firms signing up to the BT Assure Ethical Hacking for Finance package will undergo a series of rigorous tests borrowing from black hat techniques designed to infiltrate organizations.
Mobile devices, laptops, printers, internal and external networks, databases and enterprise resource planning (ERP) platforms are just some of the systems that will be targeted as BT’s ethical hacking team look for the organization’s weakest points.
The program will include a technical evaluation as well as various exercises designed to test the resilience of employees – i.e. how susceptible they are to social engineering – and their ability to follow policies faithfully.
The aim is to identify weaknesses which could ultimately damage a client’s “primary business processes” and therefore brand and reputation, BT said.
“The prospect of accessing confidential financial information is a powerful lure for hackers so few companies attract as much online criminal attention as banks,” said BT Security president, Mark Hughes, in a statement.
“While much of the concern focuses on retail-banking activities, the threat is just as important for investment banks or for wholesale, where banks provide services like currency conversion and large trade transactions for major corporate customers.”
BT’s ethical hacking offering will see the telco giant use CREST’s Simulated Targeted Attack and Response (STAR) services – a framework developed by the Bank of England, the government and industry to deliver highly effective, customizable cyber security testing.
According to CREST: “STAR incorporates advanced penetration testing and threat intelligence services to more accurately replicate cybersecurity threats to critical assets.”
STAR is the prerequisite for CBEST, launched by the Bank of England last year, which is more specifically designed to provide greater assurance to the financial services sector via a stringent testing framework.