The Financial Services Information Sharing and Analysis Center (FS-ISAC), as part of its ongoing effort to promote information sharing and industry preparedness in response to cyber security threats, has announced the results of a cyber attack exercise for financial institutions that was held in November 2012.
Four hundred and forty-six financial institutions participated in the 2012 Cyber Attack against Payment Processes (CAPP) exercise. Participants were presented with a series of complex simulated attacks that were based on real world attack scenarios. The simulated attacks used in the exercise included customer online banking account takeovers, distributed denial of service (DDoS) attacks, altered ACH files, fraudulent wire transfer requests and the loss/theft of customer information (PII). CAPP is a tabletop exercise, and no attempts were made to actually penetrate the security of any financial institution.
The firms that participated in the exercise typically had their incident response teams responding to the simulated attacks over a three day period. At the conclusion, a collective debrief was held to review the variety of techniques used in response to the threat scenarios.
“The simulations we staged for CAPP participants are based on recent real world attacks experienced by our members,” said Bill Nelson, President and CEO of FS-ISAC. “This is the third year that the CAPP exercise was held and it is an intense three day exercise that promotes collaboration and intelligence sharing among financial institutions, and ultimately contributes to a stronger financial infrastructure.”
The self-evaluation process highlights the strengths and weaknesses of the responses, but of equal importance, facilitates the sharing of knowledge and the development of best practices. This year’s CAPP exercise showed that financial institutions react and adapt quickly to new threats. Most firms used layered security as a common defense and have developed specific plans to counter DDoS attacks. The exercise results also concluded that effective communication is essential, as is recruiting expert assistance when necessary.
As the demand for immediate payments implementation grows in the United States, Iliad Solutions have identified one of the largest risks to face the payments industry over the next few years.
Barclays has signed contracts with six of the fintech startups that just graduated from its second New York accelerator programme.
Company card killer Pleo has raised $3m in new funding as it prepares for public launch in the UK and Denmark.
Cheques are become less and less common in the UK according to new research from global market research firm Mintel which claims contactless card use has overtaken cheque payments in the UK for the first time.