Has Your Firm Been TIBER'd? Threat Intelligence-based Ethical Red Teaming
Testing the ability of an organisation to survive a threat to people, processes and technologies is becoming ever more urgent. A Threat Intelligence based framework for such a test involves teams playing roles which include:
- The Blue team - those being tested at the target organisation. They are kept unaware of the plans for a test
- A threat provider who carries out reconnaisance of the target organisation
- The Red team - those carrying out the tests and simulated attacks
- The White team - a small group of people at the target organisation who are participate in the planning of a test
- The TIBER team, an EU team overseeing the test to see it meets the EU TIBER requirements
What is TIBER?
The acronym stands for Threat Intelligence-based Ethical Red Teaming and is becoming an adopted approach around the EU for threat testing.
What is CBEST?
The Bank of England have another acronym CBEST, Council for Registered Ethical Security Testers.
CBEST differs from other security testing currently undertaken by the financial services sector because it is threat intelligence based, is less constrained and focuses on the more sophisticated and persistent attacks against critical systems and essential services. The inclusion of specific cyber threat intelligence will ensure that that the tests replicate as closely as possible the evolving threat landscape and therefore will remain relevant and up to date.
What should your firm be doing?
Nobody wants to see a malicious attack cause damage to a financial institution, least of all public end users. The TIBER and CBEST frameworks are being applied to the largest financial services firms, but any firm could adopt these frameworks should they feel it necessary.