A recent report by Bitsight has shed light on a concerning reality: more than 100,000 exposed industrial control systems (ICS) are owned by organisations worldwide, with the United Kingdom ranking second in Europe.
The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.
Because digital connectivity is essential to everyday life, these exposures could threaten national security and public safety. They therefore need to be identified, prioritised and either remediated or covered by compensating controls as a matter of urgency.
These vulnerabilities or misconfigurations extend beyond the digital realm, potentially giving attackers access to or control over physical infrastructure such as power grids, traffic light systems, security controls such as CCTV or door entry systems, and water control systems. In this article, we delve into the insights from the Bitsight report, explore the lessons learned and suggest some best practices that financial organisations in the UK should consider to further enhance their cybersecurity and cyber risk programs.
The Bitsight report identifies the most commonly exposed ICS protocols across a number of sectors and highlights those in the UK with the most significant degree of exposure. As financial organisations are the backbone of any economy, it is crucial for them to recognise the potential consequences of these vulnerabilities and the impact on their resilience readiness.
An attack on ICSs could not only jeopardise the confidentiality and integrity of financial data but also disrupt critical services, in turn affecting the stability of the entire financial ecosystem.
Lessons learned include the following highlights:
The Bitsight report highlights the need for the financial sector to reassess and strengthen its cybersecurity and cyber risk programs. By understanding the lessons learned from Bitsight’s research into exposed ICSs and implementing best practices, financial institutions can accelerate their security capability in a prioritised manner. In doing so, they can play a pivotal role in safeguarding critical infrastructure, protecting both national security and the confidentiality of their customers' sensitive data while ensuring the financial sector's readiness in the face of evolving cyber risks.
15.01.24
Tim Grieveson, Senior Vice President, Global Cyber Risk Advisor, Bitsight