Goldman Sachs enlists staff for cyber security war games

  • January 14, 2019
 

Goldman Sachs is turning to cyber security war games to make sure its 8,000 technology staff are up to speed on the hacks and viruses that could delete bank data, compromise privacy or otherwise threaten vital operations.  Cyber security is one of banks’ biggest concerns, with financial institutions from Mexico to the UK falling victim to attacks that have severely disrupted operations and cost the industry more than $18bn in 2017 alone, according to research from consultancy Accenture.  Goldman has just become the first bank to sign up with Immersive Labs, a UK-based company that offers continuously-evolving learning tests and war games on cyber threats.  The Wall Street giant, which famously describes itself as a ‘technology company’, is offering its 8,000-strong technology workforce access to the platform, where they can test their skills against colleagues and compete on a company-wide league table.  “Threats are emerging all the time, the challenge is to find a company that can keep as current as we are,” said Jo Hannaford, head of technology for Europe, the Middle East and Africa at Goldman, who said she believes that Immersive’s offering is the only one of its kind. Four hours after the WannaCry malware attack became public on May 11 2017, Immersive Labs created a tool allowing clients to analyse how the ransomware behaved and helping them to develop prevention antidotes. A lot of our heavy users use the platform on Friday and Saturday night so they want to be top of the leader boards on Monday morning James Hadley, chief executive of Immersive Labs James Hadley, chief executive of Bristol-based Immersive Labs, said other examples of Immersive’s tools include asking users to “break into a fictitious bank to steal credit card numbers” so they can create programs that are less vulnerable to attack.  Ms Hannaford said Goldman probably would not make the Immersive Labs programme mandatory, but that she “could see a scenario where a particular issue arose and we wanted everybody to understand it” and a particular test was obligatory.  She also ruled out financial incentives for those who performed well in the labs, or using the feedback from the labs on technologists’ aptitude as part of Goldmans’ performance evaluation metrics.  “We want people to do these things for the right reasons and the incentive obviously should be learning,” she said, adding that her programmers were “so hungry for information” and that there was “huge interest” in cyber right across the company.  Mr Hadley said a culture of competition had encouraged high levels of participation by technical staff at Immersive’s other clients, which span the corporate, commercial and official sector. “A lot of our heavy users use the platform on Friday and Saturday night so they want to be top of the leader boards on Monday morning,” he added.  Ms Hannaford would not say how much the program costs, but said it was “excellent value” and that she hoped other banks would follow suit.  “We all need to continue to collaborate with other firms on this,” she said. “There’s no competitive advantage here, the advantage is we stop this form of crime . . . by doing this, hopefully we can help create a platform which helps us in that direction.” If other banks join, Wall Street’s technologists could pit their cyber security skills against each other.  Mr Hadley said: “On our road map is the ability to benchmark on organisation so they can see how do their teams fare compared to the average on their sector, so that their boards can sleep at night.”  Immersive Labs also has a program that invites students and veterans to take part in tests, which can unlock the right to apply for jobs. Their applications are then sent through without any information on their academic record, race or qualification.  “I like the idea of providing a way of measuring aptitude, of not making it about academic qualifications and more about skills, it’s more democratic,” said Ms Hannaford, adding that Goldman would “absolutely” be open to taking applications in this way in the future.

 

Source: FT.com