Red Teams are an increasingly popular form of defence and are essential to complying with the TIBER-EU framework.
Every entity, from banks and investment firms to regulatory and credit agencies, finds itself in a perpetual state of readiness when it comes to cyber security. The sensitive data stored on these organisations’ servers fetches top dollar on the Dark Web, and governments are doing everything in their power to ensure stolen information never reaches it.
The Threat Intelligence-Based Ethical Red Teaming for the European Union (TIBER-EU) framework is the European Central Bank’s (ECB) answer for an industry that can’t afford to have any questions surrounding its cyber security effectiveness.
What is the TIBER-EU framework?
TIBER-EU is a non-compulsory framework that’s designed as the new standard for threat intelligence gathering and cyber resilience fortification in the financial services industry. It’s conducted through intelligence-led red team assessments.
The goal is to help businesses with critical infrastructure test the effectiveness of their cyber security defences in real-time against malicious threat actors. It’s expected to garner high adoption rates among sectors that include, but aren’t limited to:
TIBER-EU establishes a formal EU-based directive as to how companies should source and conduct an intelligence-led red team assessment. The strategy hinges on red teams attacking live systems and processes so that the business can better understand its detection and remediation capabilities in light of an actual attack.
The penetration testing process set by TIBER-EU contains three phases:
- Preparation: This marks the start of the formal engagement. The entity procuring the red team assessment under TIBER-EU must use an external or independent provider, and settle on a scope for the project.
- Testing: The kick-off of the actual red team assessment. The red team vendor will use common and uncommon tactics, techniques and procedures (TTPs) and attack the system with little to no warning, but within the boundaries of what local and national law allows.
- Closure: The results and remediation portion of the project. Findings will be relayed to the key personnel who are tasked with implementing the new controls, as well as shared across the EU and within the sector to bolster the threat intelligence community.
Organisations with locations in multiple countries across the EU will be able to conduct just one test in a single location, and then apply those findings throughout their other sites. The framework is voluntary in nature, but the rapidly evolving techniques used by hackers are expected to boost adoption rates so that businesses can prove compliance and that due diligence has been observed.
Why is the TIBER-EU framework important?
The TIBER-EU framework arrives two years after hackers stole $81 million – short of their $1 billion target – from Bangladesh Bank in 2016. The criminals were able to gain employee credentials so that they could manipulate the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system, which allowed them to send fraudulent wire transfers to a series of other banks.
It’s a case that serves as a stark reminder of the economic impact that a successful hacking attempt could have on a financial services business and the country it resides in. The industry is the leading target for cyber criminals, according to the IBM X-Force Threat Intelligence Index 2018.
- It has accounted for over one-quarter of all security events that took place in 2017.
- Three-quarters of recorded attacks in the industry involved a hacker infiltrating the digital environment and executing digital code.
- One in every 10 hacking attempts in the sector was identified as surveillance activity meant to gain information that would be used for future attacks.
Although there are several frameworks and regulations that promote setting world-class cyber security standards in the financial sector, they only briefly touch on taking an active approach to testing how the systems hold up in light of an actual attack.
Intelligence-led red team assessments enable financial institutions to evaluate their ability to identify hacking attempts and quickly respond to them. TIBER-EU provides well-respected guidelines to help firms achieve the best results and supports a standard for threat intelligence sharing.
The new framework has the potential to produce a significant positive impact on the security of countries’ finances by equipping institutions with the knowledge and tools to defend against hacking groups that are growing more advanced in their techniques by the second.
How to get the best results from TIBER-EU
TIBER-EU will only be as valuable as the information that’s produced from the red team assessments. Because of this, it’s vital that financial institutions use independent providers that are fully accredited and offer a wide range of services.
Integrity360’s red team assessment specialists have trained in a wide range of disciplines and hold certifications from the following respected cyber security organisations:
- Offensive Security.
Our wide-ranging experience enables our team to build a comprehensive intelligence-led red team assessment, which includes the following capabilities:
- Phishing and social engineering
- Physical data theft
- Web and mobile application evaluation
- Wireless and internal network assessment.
TIBER-EU has the potential to radically transform the resilience of cyber security in the most frequently targeted industry in the world, but only if the framework is leveraged effectively. Working with a red team provider with years of experience on the front lines of cyber security testing is one of the keys to unlocking the full potential of TIBER-EU.