Cyber Security strategies to protect the financial sector
There is no doubt that the financial sector is on one of the front lines of a silent and constant war against cyber threats.
Imagine for a moment the serious consequences of a cyber-attack on a bank. Customers' financial data could be stolen, which could lead to significant financial losses and, possibly, permanent damage to their financial reputation. Critical assets of the financial institution could also be compromised, which could result in an irreversible loss of confidence among customers.
An attack on one of these entities could provoke an incident that could destabilize the financial system and the global economy.
In this critical context, the protection of the banking system has become a global concern and a top priority for this sector, which requires solid strategies and effective tools to combat cybercriminals.
In this regard, we will now explore two key concepts that are helping to strengthen cyber security in the financial sector: Red Teaming and the TIBER initiative, which not only help to identify and mitigate risks, but also contribute to protecting financial stability worldwide.
What is Red Teaming?
As we have discussed, there are very sophisticated cyber threat actors that have targeted the financial system. As such, it is critical for entities to continuously reduce their vulnerabilities and strengthen their overall resilience.
This requires diverse and layered approaches, solutions, and tools. Red Team services are the perfect tool for this purpose, since they help institutions to assess and enhance their protection, detection and response capabilities.
Red Teaming, specifically, is the strategic cyber security practice of simulating cyber-attacks to assess the security of an organization as a whole. These simulated attacks, based on intelligence from critical systems in production, mimic the tactics, techniques, and procedures (TTPs) that real-world threat actors would use.
◾ Unlike traditional penetration tests, which focus on finding vulnerabilities, Red Teaming evaluates an organization's overall security posture, including people, processes, and technology. This holistic approach identifies weaknesses that may not be evident in conventional security assessments.
What are TIBER-EU and TIBER-ES?
TIBER-EU, an acronym for Threat Intelligence-Based Ethical Red Teaming for the European Union Financial System, is a specific framework developed for the financial sector in the European Union. Its main objective is to strengthen cyber resilience by conducting structured Red Teaming exercises.
The European Central Bank took the decision to focus on cyber security applied to banking and was inspired by similar initiatives, such as CBEST in the UK or TIBER-NL in the Netherlands.
For this purpose, the document "TIBER-EU Framework - How to implement the European framework for Threat Intelligence based Ethical Red teaming" was published in May 2023, followed in August by the guide for suppliers, "TIBER-EU Framework - Services Procurement Guidelines".
Additionally, the DORA Regulation (Digital Operational Resilience Act), Regulation (EU) 2022/2554, has been developed, which seeks to measure the digital operational resilience of the financial sector. It is designed to establish a single framework that homogenizes how financial institutions should manage digital risk in EU finance.
Although DORA came into force in January 2023, it is not expected to be fully implemented until January 2025. This framework requires advanced testing of critical functions, including third parties, every three years. Although the framework has not yet been fully developed, this testing will be conducted in collaboration with the European Central Bank, in accordance with the TIBER-EU framework.
◾ TIBER-EU was presented in 2018 as the first European framework for managing and performing advanced cyber security testing. For its part, the Bank of Spain approved and locally adopted the TIBER-ES regulation, based on the European standard, approving its implementation guideline in December 2021.
TIBER in depth and how it helps financial institutions
The European Central Bank defines TIBER as a framework for conducting cyber intelligence-based Red Teaming exercises:
It provides guidance on how law enforcement, entities, and intelligence providers and Red Team teams should work together to test and improve the cyber resilience of entities by conducting controlled cyber-attacks.
TIBER is a common framework for controlled, intelligence-driven Red Team testing of entities' critical functions.
TIBER's objectives are diverse and essential for the financial sector, including:
- Improve the cyber resilience of financial institutions, essential in an environment where threats are constantly evolving, strengthening their ability to resist and recover from cyber-attacks.
- Standardize and harmonize Red Team exercises. This ensures that testing is consistent and effective across the financial industry and facilitates comparison of results and implementation of best practices.
- Provide guidance to authorities at the European level on how to implement and manage these tests. This encourages collaboration and information sharing between jurisdictions, which is especially beneficial for companies with a multinational presence.
- Reduce the regulatory burden by providing support and oversight by authorities to ensure that financial institutions can focus on improving their cyber resilience without being overwhelmed by bureaucracy.
◾ TIBER achieves these objectives by focusing on highly realistic Red Team tests. These tests are performed on production systems, which means that the attack scenarios are as close as possible to real-world situations. They also require the participation of external vendors, which adds a component of surprise and realism to the tests.
Benefits of implementing this TIBER framework in financial institutions
There are many benefits that the implementation of TIBER offers to financial institutions, but we will focus on the three most outstanding ones:
- Proactive risk identification: TIBER enables the identification of vulnerabilities and weaknesses in cyber security defenses before malicious actors can exploit them. This early risk identification provides the opportunity to address security issues before they become real cyber threats.
- Improved security posture: by simulating real-world attacks, institutions can strengthen their security measures to better protect sensitive customer data and critical infrastructure. This leads to greater cyber resilience and the ability to respond effectively to security incidents.
- Regulatory compliance: compliance with TIBER standards helps organizations meet regulatory requirements and demonstrates their commitment to cyber security. Complying with these standards is essential to avoid regulatory penalties and maintain customer confidence.
How an MSSP can assist the financial sector in adopting the TIBER framework
Managed Security Service Providers (MSSPs) play a crucial role in the successful adoption of the framework by financial institutions.
In this sense, Telefónica Tech provides financial institutions with a Red Teaming service, based on the TIBER framework, which allows us to offer them the following services:
- A comprehensive assessment of the financial institution's current security posture. This includes a review of the existing security infrastructure, cybersecurity policies and procedures, and identification of potential gaps and vulnerabilities. This assessment serves as a starting point for designing and tailoring TIBER-specific Red Teaming exercises to the needs of the organization.
- The design of realistic and challenging attack scenarios, in close collaboration with the financial institution, that align with current and future cyber threats. These scenarios will be as close as possible to real-world situations to provide an accurate assessment of the institution's resilience. To this end, we apply our advanced Cyber Threat Intelligence capabilities to emulate the tactics, techniques, and procedures (TTPs) of the threat actors most likely to have targeted the financial institution.
- The execution of Red Teaming exercises according to previously defined scenarios. This involves the simulation of cyber-attacks by our highly trained Red Team specialists acting as real cyber adversaries. We help the financial institution identify weaknesses in its security posture, assess its detection and response capabilities, and proactively take corrective action.
- Analysis of results and recommendations upon completion of the Red Teaming exercises. We perform a comprehensive analysis of the results, including identification of the vulnerabilities discovered, assessment of the potential impact of these vulnerabilities and presentation of concrete recommendations to improve cyber resilience. Of course, these recommendations are based on cyber security best practices and the most updated threat intelligence.
- Support and assistance in implementing the measures identified to improve cyber resilience. We do not limit ourselves to identifying vulnerabilities; we also support the implementation of security solutions. This may include the configuration of advanced detection systems, the improvement of security policies, the training and coaching of Blue Teams to improve the efficiency of detection systems, along with their procedures and response capabilities, or even the adoption of state-of-the-art technologies to strengthen the institution's defenses.
An approach to robust cyber resilience in the financial sector
Telefónica Tech, as a Managed Security Service Provider (MSSP), is a strategic technological partner for financial organizations. We understand the critical importance of protecting digital assets and confidential information in the financial environment.
We collaborate closely with our customers to understand their specific needs and challenges and to design customized solutions that address their risks and strengthen their security posture.
Our team of Cyber Security experts is constantly updated on the latest security threats and trends. We use advanced technology and tools to proactively monitor, detect and respond to potential cyber-attacks.
We also provide incident management services, security assessments, vulnerability analysis and specific security training to help financial organizations strengthen their defenses, prepare for evolving challenges, and accompany them on their cyber resilience journey.