BoE launches new test for cyber vulnerabilities
The Bank of England has unveiled new measures to help identify areas where the UK financial sector could be vulnerable to sophisticated cyber-attack.
A new framework called CBEST will use intelligence from government and accredited commercial providers to identify potential attackers to a particular financial institution.
CBEST will then replicate the techniques potential attackers use to test the extent to which they may be successful in penetrating the defences of a particular institution. On completion of the test the firm will work through the results with the testers and supervisors.
According to the Bank, CBEST provides the following:
- access to considered and consistent cyber threat intelligence, ethically and legally sourced from organisations that have been assessed against rigorous standards;
- access to knowledgeable, skilled and competent cyber threat intelligence analysts who have a detailed understanding of the financial services sector;
- realistic penetration tests that replicate sophisticated, current attacks based on current and targeted cyber threat intelligence;
- standard key performance indicators that can be used to assess the maturity of the organisation’s ability to detect and respond to cyber-attacks; and
- access to benchmark information that can be used to assess other parts of the financial services industry.
CBEST differs from other security testing currently undertaken by the financial services sector because it uses real threat intelligence and focuses on the more sophisticated and persistent attacks on critical systems and essential services.