CBEST Simulated Targeted Attack Scheme is Launched
The UK Financial Authorities have launched CBEST - a testing framework that will help the boards of financial organisations, infrastructure providers and regulators understand the types of cyber-attack that could undermine financial stability in the UK, the extent to which they are vulnerable to those attacks and how effective their detection and recovery processes are. CBEST, with the support of industry, puts in place measures to ensure that targeted tests can be conducted on critical assets without harm.
The framework has been designed to deliver a controlled, bespoke, intelligence-led security test which focuses on more sophisticated and persistent attacks on critical systems and essential services. The test mimics behaviours of threat actors who are assessed by government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions.
To ensure the test is safe but also realistic, new accreditation standards have been developed with CREST. These standards assess the extremely high levels of technical knowledge, skill and competency required by the individuals directly involved in CBEST activities.
Context is fully supportive of the initiative with Owen Wright, Assurance Director stating “Context already deliver simulated targeted attacks for clients across a range of sectors, and welcome the opportunity to do so under an industry-wide framework.”