FSI paper details ‘red team testing’
Paper sets out how the cyber-security tests are used in different jurisdictions
A new paper by the Financial Stability Institute details how “red team testing” is used in different jurisdictions to assess the cyber defences of financial institutions.
In the latest in a series of FSI Insights papers, Jermy Prenio, Jeffery Yong and Raymond Kleijmeer present the results of a study based on eight different financial authorities.
A red team test involves a group of hackers trying to break into a firm’s systems and make off with “flags” or key pieces of data, as a simulation of a real cyber attack. The scenarios are conducted without the bank’s cyber teams knowing they are happening.
“An effective red team test is characterised by both firms and authorities being open about the results, learning from the weaknesses exposed and taking appropriate remedial actions,” the FSI authors say.
Various authorities are involved to different degrees. Some play a close role in managing the testing process, while others play a more limited part in ensuring post-test recommendations are implemented.
The FSI team says there could be scope for red team testing to be conducted across borders, and it might be possible for one jurisdiction to approve a firm tested in another “if certain conditions are met”.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@centralbanking.com or view our subscription options here: http://subscriptions.centralbanking.com/subscribe
You are currently unable to print this content. Please contact info@centralbanking.com to find out more.
You are currently unable to copy this content. Please contact info@centralbanking.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@centralbanking.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@centralbanking.com
More on Cyber
MAS partners with Mastercard to tackle cyber risks
Singaporean central bank and payments firm will share information and conduct joint training
IMF officials warn cyber risks are growing
Systemic and third-party cyber risks pose threats to central banks and firms
IMF hit by cyber attack
Fund says attack did not target top leader and it has “re-secured” 11 compromised email accounts
Riksbank HR system restored 17 days after ransomware attack
Other incidents using Akira software reported across the world since 2023
Head of Romania’s central bank ‘deepfaked’ by scammers
NBR says fraudsters’ use of AI-generated video points to increasing risks from manipulated imagery
Swedish central bank affected by ransomware attack
Riksbank’s HR and payroll reportedly still impeded after hackers targeted third-party cloud provider
ECB prioritises IT outsourcing and cyber resilience supervision
Institutions lost $161 million due to poor-quality outsourced services in 2022
Central Bank of Ireland suffers credit data breach
Over 20,000 borrowers’ credit scores impacted by “archiving error”
Most read
- ECB staff speak out against changes to internal survey
- Central bank of the year: Central Bank of Brazil
- French president calls for expanded ECB mandate