The Threat Intelligence-Based Ethical Red Teaming (TIBER-EU) methodology is a comprehensive framework designed to enhance the cyber resilience of financial institutions by simulating realistic cyber-attacks on their critical systems.
Threat based penetration testing is a key component of demonstrating compliance with the EU’s Digital Operational Resilience Act (DORA), however it is also the way organisations not falling within the scope of DORA can extract the most value from their technical testing programmes.
Core objectives
Enhance cyber resilience: Improve the ability of financial entities to protect, detect, and respond to sophisticated cyber-attacks.
Harmonisation and standardisation: Provide a standardised approach to intelligence-led red team testing across the EU, while allowing flexibility for the specific requirements of individual countries.
Senior Analyst, Threat Simulation | Cyber Risk
Guidance for authorities: Offer guidance to national and European authorities on establishing, implementing, and managing the testing framework.
Support for cross-border testing: Facilitate cross-border and cross-jurisdictional testing for multinational entities.
Mutual recognition: Enable discussions on supervisory and oversight equivalence, reducing regulatory burdens, and fostering mutual recognition of tests across the EU.
Collaboration protocols: Establish protocols for cross-authority collaboration, result sharing, and analysis.
Key phases of a TIBER-EU test
Preparation phase
Project setup: Define the test scope, procure external service providers, and set up the project structure.
Risk assessment: Conduct risk assessments and define the scope of the test.
Engagement: Identify and engage key stakeholders, including relevant authorities.
Testing phase
Threat intelligence gathering: Collect targeted threat intelligence to understand potential threats and threat actors.
Red teaming: Conduct simulated cyber-attacks using tactics, techniques, and procedures of real-life threat actors to test the entity’s critical functions and underlying systems (people, processes, and technologies).
Closure phase
Analysis and reporting: Analyse the results, identify vulnerabilities, and provide recommendations for remediation.
Compliance and feedback: Ensure compliance with the TIBER-EU framework and provide feedback to improve future tests.
Stakeholders
TIBER cyber team: Manages the test and ensures it meets the TIBER-EU framework requirements.
Financial entities: Undergo the testing to assess and improve their cyber resilience.
Threat intelligence providers: Supply the necessary threat intelligence for the red team tests.
Red team providers: Execute the simulated cyber-attacks based on the gathered threat intelligence.
Relevant authorities: Oversee the implementation and management of the TIBER-EU framework at national and European levels.
Benefits
Improved cyber resilience: Helps financial institutions identify and mitigate security vulnerabilities.
Regulatory assurance: Provides assurance to regulators, customers, and partners regarding the institution's cyber security posture.
Enhanced collaboration: Promotes cross-border cooperation and information sharing among authorities and financial entities.
DORA compliance
We can help you with all aspects of preparing for DORA’s requirements and demonstrating compliance to the regulators. From threat intelligence to incident preparedness and response, to eDiscovery and advisory services, we can ensure that your organisation is ready to face whatever cyber challenges come your way. Talk to us to find out more.
Cyber Risk
We bring the best of our collective experience, energy and creative power to fiercely safeguard our clients and fortify their communities.
Insights
Thomas Murray Partners with Socura to offer Managed Detection and Response to clients that need support to stop cyber threats 24/7.
The collaboration will see Thomas Murray offer Socura MDR to help its clients proactively identify and respond to threats.
Thomas Murray and Crimson7 Announce Strategic Partnership to Modernise Threat Informed Security
Thomas Murray and Crimson7 are partnering to combine their expertise and create innovative solutions for tackling key cyber security challenges.
Thomas Murray and askblue partner to support financial institutions in meeting the Digital Operational Resilience Act (DORA) requirements
Thomas Murray and askblue are collaborating to provide services that help financial institutions comply with DORA requirements.
Threat Intelligence for Law Firms: Protecting clients in the digital age
As a law firm, protecting your clients' data and reputation is more critical than ever in today’s digital-first world.