View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 16, 2015

BT boosts defences with Ethical Hacking for Finance

Cyber-defences of finance companies get put through their paces.

By Vinod

BT has launched an ‘ethical hacking‘ tool for the financial industry called BT Assure Ethical Hacking for Finance.

The solution uses methologies mimicking those of black hats or malicious attackers to provide a range of tests to challenge entry points to a company’s IT systems.

It has been designed to find vulnerabilities that could impact an organisation’s primary business processes and hence brand and reputation.

It also assesses weak points of an organisation, such as phishing scams, mobile devices, infrastructure hardware, networks, databases and enterprise resource planning systems.

As part of the solution, BT also tests for human failure, including examining how employees apply the policies. This fits with recent comments by Gartner’s Peter Firstbrook at the recent Security and Risk Management summit about the employee role in cybersecurity.

"[Security professionals] can’t do this alone. We must understand the limits of security technology and realise that properly motivated people can be the strongest link in our security chain.

"Phishing is the initial infection vector in almost 80 percent of infrastructure breaches. However, there are no completely effective technical controls for this problem. But when employees are motivated and understand the limitations of trust in email, the click-through rate of phishing emails drops dramatically."

Content from our partners
AI is transforming efficiencies and unlocking value for distributors
Collaboration along the entire F&B supply chain can optimise and enhance business
Inside ransomware's hidden costs

BT will use CREST’s Simulated Targeted Attack and Response (STAR) services to develop robust security solutions.

Mark Hughes, president of BT Security, said: "The prospect of accessing confidential financial information is a powerful lure for hackers so few companies attract as much online criminal attention as banks. Apart from direct financial loss, a serious hack could lead to irreparable reputational damage.

"While much of the concern focuses on retail-banking activities, the threat is just as important for investment banks or for wholesale, where banks provide services like currency conversion and large trade transactions for major corporate customers."

According to Bob Tarzey, Analyst at Quocirca, the offering is welcome but does not constitute ethical hacking in the conventional sense:

"In this case it is penetration testing by another name. BT will be attempting to break its customer defences by invitation. It is just using the term "ethical hacking" to sex things up a bit.

"Some would say that true ethical hacking is uninvited, but with good intent. That said, it is good to see BT developing such a service focused on the highly targeted financial services sector."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.