The UK Financial Authorities have launched CBEST -a testing framework that will help the boards of financial organisations,infrastructure providers and regulators understand the types of cyber-attackthat could undermine financial stability in the UK, the extent to which they arevulnerable to those attacks and how effective their detection and recoveryprocesses are. CBEST, with the support of industry, puts in place measures toensure that targeted tests can be conducted on critical assets without harm.
The framework has been designed to deliver acontrolled, bespoke, intelligence-led security test which focuses on moresophisticated and persistent attacks on critical systems and essentialservices. The test mimics behaviours of threat actors who are assessed by governmentand commercial intelligence providers as posing a genuine threat tosystemically important financial institutions.
To ensure the test is safe but also realistic, newaccreditation standards have been developed with CREST. These standards assessthe extremely high levels of technical knowledge, skill and competency requiredby the individuals directly involved in CBEST activities.
Context is fully supportive of the initiative withOwen Wright, Assurance Director stating “Context already deliver simulatedtargeted attacks for clients across a range of sectors, and welcome theopportunity to do so under an industry-wide framework.”