Not surprisingly, the banking sector is one of the most obvious and attractive targets for cyber criminals. Typical threats to the industry include:
- Sophisticated attackers targeting the systems that underpin the global money transfer infrastructure
- Lower-tech cyber fraudsters using technology and social engineering to steal large sums of money from companies through the banking systems
- Malware authors trying to steal money from millions of bank customers
- Destructive attacks against national banks that may arise as a result of political tensions
- Untrusted partners using exposed interfaces
Factor in regulatory compliance requirements such as CBEST and GDPR (General Data Protection Regulation), and it is clear that security is a key priority and major investment for the insurance and banking sector.
Responding to these challenges, the finance sector has some of the most sophisticated defences in the private sector. Being at the forefront of cyber security means that it is more difficult to learn from the experience of others, and more important to focus on the most critical areas.
At Context, we have over a decade of experience as a preferred supplier to many of the largest banks and financial institutions in the UK and around the world, delivering a wide range of services and testing technologies from back-end and middleware systems to online and mobile banking. We have also performed long term augmentation projects for major compliance programmes and SOC (Security Operations Center) maturity programmes for global financial services providers.
As more and more financial service providers implement solutions to adhere to the European Payment Services Directive (PSD2), it is important that these organisations assess the security of their deployments thoroughly. This includes banks and third party providers of various financial applications. Our Open Banking service is specifically tailored to test the various components comprising Open Banking implementations.
In the UK, Context is an accredited CBEST provider and we have already delivered over 15 CBEST engagements. We were also involved in the development of the CBEST framework and were a flagship supplier of the penetration testing aspect of CBEST.