QuoIntelligence and NVISO are pleased to announce that they have created a unique strategic approach to enhance the cyber resilience of financial institutions against cyberattacks via TIBER-EU tests. The two European cybersecurity companies are joining their forces to offer a seamless experience between the Red Teaming and Threat Intelligence providers, while remaining independent from each other.
The TIBER-EU Framework, More Critical Now Than Ever
The constant evolution of the cyber threat landscape combined with the recent acceleration of the financial sector’s digital transformation, led by new global challenges such as the COVID-19 pandemic, brings new complex cyber threats using more advanced methods and techniques.
Financial institutions can better face these evolving threats and aim to reach a more secure digital environment by putting in place the right cyber and operational resilience strategies early on.
In order to test and improve the cyber resilience of financial institutions, the European Central Bank developed a framework for ‘Threat Intelligence Based Ethical Red Teaming’, commonly known as TIBER-EU framework, to carry out a controlled cyberattack based on real-life threat scenarios.
TIBER-EU exercises are designed for entities which are part of the core financial infrastructure at the national or European level. However, any sized organization can conduct these tests and strongly benefit from its outcome.
“It is the first EU-wide guide on how authorities, entities, threat intelligence and red-team providers should work together to test and improve the cyber resilience of entities by carrying out a controlled cyberattack.”
By conducting a TIBER-EU test, institutions can enhance their cyber and operational resilience by increasing their awareness of their strengths and weaknesses before they are exploited by real-life threat actors. The exercise’s main objective is to test and improve protection, detection, and response capabilities against sophisticated cyber threats. Having a TIBER-EU test implemented, European organizations will then be able to quantify and thus reduce the impact of potential cyberattacks.
Benefits for European Organizations
Since the TIBER-EU testing process can be quite overwhelming for the testing entities, selecting the right qualified providers is the first step towards a successful experience and resourceful outcome. The combined work of the Threat Intelligence and Red Teaming providers is crucial to implement optimal strategies tailored to the testing entity’s cyber strength and weaknesses.
NVISO GmbH, a European security consultancy with offices in Belgium and Germany, who helps its customers to prevent, detect, and respond to cyberattacks, and QuoIntelligence GmbH, a German Threat Intelligence provider supporting decision-makers with customized and actionable intelligence reports, are teaming up to facilitate the cyber resilience testing process.
Within this approach, QuoIntelligence first looks at the range of possible threats, selects the most applicable threat actors likely to target the entity, and creates a customized Targeted Threat Intelligence Report which lays the foundation for the Red Teaming’s attack scenarios. Then, NVISO, as the Red Teaming provider, carries out the simulated attack and attempts to compromise the critical functions of the entity by mimicking one of the real-life threat actors in scope.
These two European companies have already implemented effective joint processes and offer a seamless experience between the Threat Intelligence and Red Teaming providers. Organizations can then take the worry out of the process and be led by experienced providers.
Learn more about the role of Threat Intelligence providers in the TIBER-EU testing process.
Conclusion
Cybersecurity risks are becoming harder to assess and interpret due to the growing complexity of the threat landscape, adversarial ecosystem, and expansion of the attack surface. [2]
“The expansion of knowledge and expertise in cybersecurity is crucial to improve preparedness and resilience. The EU should continue building capacity through the investment in cybersecurity training programs, professional certification, exercises and awareness campaigns.”
In order to test and improve the cyber resilience of the European financial sector, the European Central Bank has put in place the TIBER-EU framework involving a close collaboration between a Threat Intelligence provider and a Red Teaming provider.
QuoIntelligence and NVISO are now offering a strategic approach to simplify the TIBER-EU testing process and offer a worry-free experience to European organizations that want to take their cyber and operational resilience to the next level.
Do you want to stay informed of cyber and geopolitical threats targeting your organization? Are you interested in receiving exclusive and unpublished intelligence?