The Bank of England (BoE) developed CBEST as a framework to deliver controlled, bespoke, intelligence-led cyber security tests. These tests replicate the behaviours of those threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions. CBEST is the first initiative of its type to be led by any of the world’s central banks.
Context were involved in the CREST technical workshops that were used to define the technical standards for CBEST and STAR testing.
Benefits to the financial sector
CBEST has the full support of the UK Financial Authorities and will provide significant benefits to the UK’s financial sector. These include:
- Access to considered and consistent cyber threat intelligence, ethically and legally sourced from organisations that have been assessed against rigorous standards;
- Access to knowledgeable, skilled and competent cyber threat intelligence analysts who have a detailed understanding of the financial services sector;
- Realistic penetration tests that replicate sophisticated, current attacks based on current and targeted cyber threat intelligence;
- Access to highly qualified penetration testers that understand how to conduct these technically difficult testing activities while ensuring that no damage is caused;
- Confidence in the methodologies utilised by the companies within CBEST for conducting these sophisticated and sensitive tests;
- Confidence that the results and the information accessed by the testers will be protected;
- A framework that is underpinned by comprehensive, enforceable and meaningful codes of conduct administered by a specialist professional body.