How automation enables a proactive security culture at Bank of England

The Bank of England security team uses automation to build intellectual capital, freeing up time to be more proactive and to better explain security to business units.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Cyber attackers continue to single out the financial industry. The UK Financial Conduct Authority found that the number of attacks and incidents reported by financial organizations has doubled over the last 12 months. These attacks are costly, too. According to Accenture the average attack cost financial organizations over $18 million in 2017.

As the UK’s central bank, the Bank of England (BoE) might be the most critical financial organization in the country.  Formed in 1694, it is the world's eighth-oldest bank, and is responsible for regulating all other UK banks, issuing bank notes, setting monetary policy and maintaining financial stability. The bank handles some £700 billion [$883 billion] worth of transfers across its system every day.

A critical part of the UK’s national infrastructure, the bank’s operations must remain uninterrupted and retain their integrity. Regular attacks from cyber-criminals, nation-state actors and even hacktivists (Anonymous targeted the Bank of England and other central banks as part of its #OpIcarus campaign in 2016) make that a challenge.

To help stay ahead of attackers, the bank has been investing hard in automation and being more proactive in its defenses.

BoE looks to automation to cope with patching vulnerabilities

BoE formed its cyber division in 2013 to centralize security operations and have a single center of excellence around security. Today the bank’s frontline security operations team consists of around 70 people.

Since that centralization initiative, the bank has ripped and replaced 50 percent of its security technology. Automation and proactivity are two key areas the bank is looking to double down on with new projects. “It's all about intellectual capital of our people,” says Neal Semikin, head of security and infrastructure at the BoE. “I don't really want people doing mundane activities day in day out, so the whole eyes-on-glass SOC—having someone responding to alerts—to me that is an old approach.”

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.