The Threat Intelligence-Based Ethical Red Teaming (TIBER-EU) methodology is a comprehensive framework designed to enhance the cyber resilience of financial institutions by simulating realistic cyber-attacks on their critical systems.
Threat based penetration testing is a key component of demonstrating compliance with the EU’s Digital Operational Resilience Act (DORA), however it is also the way organisations not falling within the scope of DORA can extract the most value from their technical testing programmes.
Core objectives
Enhance cyber resilience: Improve the ability of financial entities to protect, detect, and respond to sophisticated cyber-attacks.
Harmonisation and standardisation: Provide a standardised approach to intelligence-led red team testing across the EU, while allowing flexibility for the specific requirements of individual countries.
Senior Analyst, Threat Simulation | Cyber Risk
Guidance for authorities: Offer guidance to national and European authorities on establishing, implementing, and managing the testing framework.
Support for cross-border testing: Facilitate cross-border and cross-jurisdictional testing for multinational entities.
Mutual recognition: Enable discussions on supervisory and oversight equivalence, reducing regulatory burdens, and fostering mutual recognition of tests across the EU.
Collaboration protocols: Establish protocols for cross-authority collaboration, result sharing, and analysis.
Key phases of a TIBER-EU test
Preparation phase
Project setup: Define the test scope, procure external service providers, and set up the project structure.
Risk assessment: Conduct risk assessments and define the scope of the test.
Engagement: Identify and engage key stakeholders, including relevant authorities.
Testing phase
Threat intelligence gathering: Collect targeted threat intelligence to understand potential threats and threat actors.
Red teaming: Conduct simulated cyber-attacks using tactics, techniques, and procedures of real-life threat actors to test the entity’s critical functions and underlying systems (people, processes, and technologies).
Closure phase
Analysis and reporting: Analyse the results, identify vulnerabilities, and provide recommendations for remediation.
Compliance and feedback: Ensure compliance with the TIBER-EU framework and provide feedback to improve future tests.
Stakeholders
TIBER cyber team: Manages the test and ensures it meets the TIBER-EU framework requirements.
Financial entities: Undergo the testing to assess and improve their cyber resilience.
Threat intelligence providers: Supply the necessary threat intelligence for the red team tests.
Red team providers: Execute the simulated cyber-attacks based on the gathered threat intelligence.
Relevant authorities: Oversee the implementation and management of the TIBER-EU framework at national and European levels.
Benefits
Improved cyber resilience: Helps financial institutions identify and mitigate security vulnerabilities.
Regulatory assurance: Provides assurance to regulators, customers, and partners regarding the institution's cyber security posture.
Enhanced collaboration: Promotes cross-border cooperation and information sharing among authorities and financial entities.
DORA compliance
We can help you with all aspects of preparing for DORA’s requirements and demonstrating compliance to the regulators. From threat intelligence to incident preparedness and response, to eDiscovery and advisory services, we can ensure that your organisation is ready to face whatever cyber challenges come your way. Talk to us to find out more.
Cyber Risk
We bring the best of our collective experience, energy and creative power to fiercely safeguard our clients and fortify their communities.
Insights
An overview of the TIBER-EU methodology
The TIBER-EU methodology is a comprehensive framework designed to enhance the cyber resilience of financial institutions.
Five minutes with the PE cyber experts
Ed Starkie and Ben Hawkins gave us five minutes of their time to run through the current state of cyber security for private equity.
Understanding supply chain and concentration risks in cloud services
The major incident on Friday, 19 July highlighted the high levels of concentration risk emerging from our technology landscape.
Where to start with cyber security for private equity
Cyber security for private equity (PE) firms is a central concern given the sensitive nature of the data they handle.