New Framework Helps UK Financial Institutions Improve Resilience to Cyberattacks
A new cybersecurity framework has been launched to help financial institutions in the United Kingdom test their systems for vulnerabilities and strengthen their resilience to cyberattacks, the Bank of England announced on Tuesday.
The new framework, dubbed CBEST, has been developed by the Council for Registered Ethical Security Testers (CREST), a not-for-profit organization that represents the technical information security industry, various UK financial authorities and other organizations.
Similar to the Waking Shark II cyber exercise conducted last year, CBEST comes in response to recommendations by the Financial Policy Committee to improve and test resilience against cyber-attacks.
CBEST is designed to help boards, infrastructure providers and regulators understand the threats faced by the financial sector. The framework also aims at testing the effectiveness of detection and recovery processes, CREST said.
Unlike other cybersecurity tests conducted by the financial services sector, CBEST is based on threat intelligence, which ensures that simulations are as close as possible to real threat scenarios. Moreover, the testing focuses on sophisticated and persistent attacks against essential services and critical systems.
“Although existing penetration testing services in the financial services sector have provided a good level of assurance against traditional attacks, they do not address more sophisticated cyber attacks on critical assets,” commented Ian Glover, president of CREST.
“CBEST tests have been designed to replicate the behaviours of serious threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to important financial institutions.”
The key benefits of CBEST are access to advanced cyber threat intelligence, skilled intelligence analysts, qualified penetration testers, benchmarking information, and standard key performance indicators that indicate an organization’s ability to detect and respond to cyberattacks.
“The idea of CBEST is to bring together the best available threat intelligence from government and elsewhere, tailored to the business model and operations of individual firms, to be delivered in live tests, within a controlled testing environment,” Andrew Gracie, the executive director of resolution at the Bank of England, said in a speech at the British Bankers’ Association.
“The results should provide a direct readout on a firm’s capability to withstand cyber-attacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability.”
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Google Patches Third Chrome Zero-Day of 2023
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
Latest News
- Apple Unveils Upcoming Privacy and Security Features
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Google Patches Third Chrome Zero-Day of 2023
- Dozens of Malicious Extensions Found in Chrome Web Store
- What if the Current AI Hype Is a Dead End?
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
