Current Filter: Security>>>>>News>

   

The Bank of England’s new CBEST framework is a step forward in cyber security for the banking industry, using real threat intelligence to measure a bank’s ability to resist a sophisticated cyber-attack. However, what financial institutions and the Bank of England need to recognise is that even the best IT security infrastructure can be vulnerable to attack.

Today’s online attacks are incredibly complex with hackers approaching organisations from a range of unexpected angles. The first thing a skilled hacker will do once they inevitably breach a firewall is make themselves look like one of your employees; a wolf in sheep’s clothing, making them even more difficult to locate and neutralise. No amount of penetration testing, however rigorous, can ensure that every avenue of attack has been closed. So financial institutions must also focus efforts on dealing with situations in which attackers are successful in breaching defences. So it’s vital that the new framework examines the ability for banks to cope with what’s known as "insider threats".

These insider threats target users within the organisation that have access to sensitive data in order to gain a foothold and steal data. As a result it is now vital that financial institutions are deploying fully integrated solutions that ensure any access to sensitive data is authorised with access controls and real-time security monitoring. This gives security teams the intelligence necessary to most quickly recognise and disrupt an attack before significant damage is done and data is stolen. The CBEST framework needs to take account of the insider threat and measure the ability of institutions to detect and react to them. Not doing so will result in an unclear picture of the real weaknesses of financial institutions.