The exercise organised by FS-ISAC, a global information sharing community for the financial services sector, and hosted by the largest Dutch bank ING, mimicked an online attack on a real-world bank network environment. From a range of prominent financial institutions, including the Dutch Payments Association and the Association of Financial Markets in Europe (AFME), the exercise tested how network defenders organised and communicated among themselves to varying degrees of success. The cyberassault mirrored the infamous WannaCry ransomware attack of 2016 that is estimated to have affected more than 200,000 computers across 150 countries and caused damage estimated in the billions of dollars.

“The cyber-range exercise was a great step forward for the launch of the exercise programme in EMEA,” said Vincent Thiele, head of Cyber Crime Expertise and Response Team at ING Bank and FS-ISAC Board member. “ING looks forward to strengthening its relationship with other members and sharing vital knowledge and best practices with the financial services community.”

The FS-ISAC cybersecurity exercises enable members to develop best practices for their respective institutions and help with crisis response coordination within the sector, cross-sector, with law enforcement and other governing bodies. The organisation is currently building a range of customised exercises for the financial services sector including:

Cyber-Attack Against Payment Systems (CAPS) - This annual virtual exercise is aimed at payment companies, free to all regulated financial institutions in EMEA, Asia-Pacific and the Americas. Participating members benefit from testing their organisation’s readiness in case of an attack and free benchmarking against peers.
Cyber-Attack Against Insurance System (CIAS) - This virtual exercise simulates an attack on insurance companies to help gauge their readiness in the event of an incident. The exercise is available to all insurers via remote participation.
Cyber-Range Exercises - Members participate in a technical, hands-on-keyboard experience that provides greater interaction and sharing, helping to increase capability maturity levels and resiliency across the financial services sector.

“The EMEA exercise programme encourages members and interested parties to stay up-to-speed on the latest cybersecurity practices and help them mitigate risks posed by the ever-changing cyberthreats,” said Bill Nelson, president and chief executive officer, FS-ISAC. “Participation in the exercises will contribute to improved response capabilities and act as an effective stress test on an organisation’s existing processes.”