The Bank of England officially launched its CBEST framework to help mitigate the risk of cyberattacks, as criminals continually target banks and other financial institutions.
Using guidelines and threat intelligence from the British government and security providers, CBEST is designed to identify attacks against specific banks. And then attack strategies are replicated so banks are able to test their defenses to try to determine future methods to reduce risks.
In addition, the realistic penetration tests are replicated, with indicators available to assess cybersecurity maturity. Banks will be able to better understand where and how they are vulnerable – and how IT staff can improve security efforts.
The Digital Shadows UK cyberintelligence company assisted in developing the new testing framework, and it will be monitored and modified as needed.
“The idea of CBEST is to bring together the best available threat intelligence from government and elsewhere, tailored to the business model and operations of individual firms, to be delivered in live tests, within a controlled testing environment,” said Andrew Grace, Bank of England Executive Director, in a statement. “The results should provide a direct readout on a firm’s capability to withstand cyberattacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability.”
Financial crime is a high-profile target, with cyberattacks targeting financial institutions serving as the second largest source of direct loss from cybercrime, according to McAfee’s “Net Losses: Estimating the Global Cost of Cybercrime” report.
Source: Bank of England.