We are pleased to announce that we have created a unique approach with QuoIntelligence GmbH for responding to TIBER-EU testing. With this approach, we combine passive threat intelligence gathering and active offensive red team testing into one seamless experience, while the two remain independent of each other.
The TIBER-EU Framework, More Critical Now Than Ever
The constant evolution of the cyber threat landscape combined with the recent acceleration of the financial sector’s digital transformation, led by new global challenges such as the COVID-19 pandemic, brings new complex cyber threats using more advanced methods and techniques. Financial institutions can better face these evolving threats and aim to reach a more secure digital environment by putting in place the right cyber and operational resilience strategies early on.
In order to test and improve the cyber resilience of financial institutions, the European Central Bank developed a framework for ‘Threat Intelligence Based Ethical Red Teaming’, commonly known as the TIBER-EU framework, to carry out a controlled cyberattack based on real-life threat scenarios. TIBER-EU exercises are designed for entities which are part of the core financial infrastructure at the national or European level.
“It is the first EU-wide guide on how authorities, entities, threat intelligence and red-team providers should work together to test and improve the cyber resilience of entities by carrying out a controlled cyberattack.” – Fiona van Echelpoel, Deputy Director General at ECB
By conducting a TIBER-EU test, institutions can enhance their cyber and operational resilience by focusing on technology, monitoring and human awareness strengths and weaknesses before they are exploited by real-life threat actors. The exercise’s main objective is to test and improve protection, detection, and response capabilities against sophisticated cyber threats. Having carried out a TIBER-EU test, European organizations will then be able to reduce the impact of potential cyberattacks.
Benefits for European Organizations
Since the TIBER-EU testing process can be quite overwhelming for the testing entities, selecting the right qualified providers is the first step towards a successful experience and resourceful outcome. Combined work, fluent integration and communication between the Threat Intelligence and Red Teaming providers are crucial to implementing optimal strategies tailored to the testing entity’s cyber strengths and weaknesses.
For this reason, we at NVISO are cooperating with QuoIntelligence GmbH, a German Threat Intelligence provider supporting decision-makers with customized and actionable intelligence reports, to facilitate the cyber resilience testing process. Within this approach, QuoIntelligence first looks at the range of possible threats, selects the most applicable threat actors likely to target the entity, and creates a customized Targeted Threat Intelligence Report which lays the foundation for the Red Teaming’s attack scenarios. Then, NVISO, as the Red Teaming provider, carries out the simulated attack and attempts to compromise the critical functions of the entity by mimicking one of the real-life threat actors in scope.
In cooperation with QuoIntelligence, we have already implemented effective joint processes and offer a seamless experience between the Threat Intelligence and Red Teaming providers. Organizations can then take the worry out of the process and be led by experienced providers.
Cybersecurity risks are becoming harder to assess and interpret due to the growing complexity of the threat landscape, adversarial ecosystem, and expansion of the attack surface.
“The expansion of knowledge and expertise in cybersecurity is crucial to improve preparedness and resilience. The EU should continue building capacity through the investment in cybersecurity training programs, professional certification, exercises and awareness campaigns.” – ENISA Threat Landscape Report 2020
In order to test and improve the cyber resilience of the European financial sector, the European Central Bank has put in place the TIBER-EU framework involving a close collaboration between a Threat Intelligence provider and a Red Teaming provider.
QuoIntelligence and NVISO are now offering a strategic approach to simplify the TIBER-EU testing process and offer a worry-free experience to European organizations that want to take their cyber and operational resilience to the next level.
Authors and contact
In case of questions and for more information, please contact firstname.lastname@example.org.
This article was written by Marina Hirschberger, Senior Security Consultant, in accordance with Jonas Bauters, Solution Lead for Red Teaming at NVISO and in cooperation with Iris Fernandez, Marketing Expert at QuoIntelligence GmbH.