The Financial Services Information Sharing and Analysis Center (FS-ISAC), as part of its ongoing effort to promote information sharing and industry preparedness in response to cyber security threats, has announced the results of a cyber attack exercise for financial institutions that was held in November 2012.
Four hundred and forty-six financial institutions participated in the 2012 Cyber Attack against Payment Processes (CAPP) exercise. Participants were presented with a series of complex simulated attacks that were based on real-world attack scenarios. The simulated attacks used in the exercise included customer online banking account takeovers, distributed denial of service (DDoS) attacks, altered ACH files, fraudulent wire transfer requests and the loss/theft of customer information (PII). CAPP is a tabletop exercise, and no attempts were made to actually penetrate the security of any financial institution.
The firms that participated in the exercise typically had their incident response teams respond to the simulated attacks over a three-day period. At the conclusion, a collective debrief was held to review the variety of techniques used in response to the threat scenarios.
“The simulations we staged for CAPP participants are based on recent real-world attacks experienced by our members,” said Bill Nelson, President and CEO of FS-ISAC. “This is the third year that the CAPP exercise was held and it is an intense three-day exercise that promotes collaboration and intelligence sharing among financial institutions, and ultimately contributes to a stronger financial infrastructure.”
The self-evaluation process highlights the strengths and weaknesses of the responses but, of equal importance, facilitates the sharing of knowledge and the development of best practices. This year’s CAPP exercise showed that financial institutions react and adapt quickly to new threats. Most firms used layered security as a common defense and have developed specific plans to counter DDoS attacks. The exercise also concluded that effective communication is essential, as is recruiting expert assistance when necessary.