Cyber threats are increasing exponentially year after year. To help organisations protect against these threats, the European Union (EU) has established the TIBER-EU framework. It was developed because of concerns about how member states were managing (or mismanaging) their national cyber security risks and because of the clear need for a common framework to address these risks across the membership.
What is the TIBER EU Framework?
TIBER-EU stands for Threat Intelligence-Based Ethical Red Teaming. The European Central Bank (ECB) created the framework in March 2018 as a response to the increasing number of cyber threats specifically facing the financial sector and the urgent need for a more coordinated, sophisticated, and comprehensive approach to managing cybersecurity risk. The framework’s goal is to help financial institutions identify strengths and vulnerabilities within live production systems for a better security posture. The ECB didn’t reinvent the wheel: the framework is based on an existing standard from ENISA (European Network and Information Security Agency).
Threat Intelligence-based ethical red team testing involves a full range of attack exercises, including social engineering, physical penetration testing, technical penetration testing, web application testing, wireless network testing, mobile device testing, insider threat simulation and incident response testing. The exact exercises involved may vary depending on the specific objectives of the red team test. Since the aim is to simulate real-life threats, attacks are targeted across functions within people, processes and technologies in the organisation. While the framework is not legally mandated, it does provide clear guidance to financial institutions for managing their cyber security risks more effectively – especially as the sector has been under major attack by threat actors in this era of increasing digitalization and remote working.
The five participants recommended in the framework are:
1. The Red Team: This is a group of security professionals who act as simulated attackers and perform the tests. They use their expertise in threat intelligence and cyber security to identify and exploit vulnerabilities.
2. The Blue Team: They are responsible for defending the organisation’s systems. They are often not aware of the attack, so they are benchmarked against the TIBER EU framework.
3. The TIBER Cyber Team: This team comprises individuals with expertise in threat intelligence, cyber security and red team testing. The TIBER Cyber Team operates as part of a larger TIBER programme to ensure the tests meet the framework’s requirements.
4. The White Team: This is a small team within the targeted organisation whose members are aware of the tests to be carried out and work very closely with the TIBER Cyber Team.
5. Threat Intelligence Provider: This is a group of security professionals who provide the red team with intelligence reports on the latest threats and trends to shape strategies for attack scenarios, along with guidance on the most effective attack methods.
Steps to Implement Threat Intelligence-based Ethical Red Team Tests (TIBER EU)
The exercise is often very sophisticated and includes several activities. Below are steps your financial institution can get started with to implement the TIBER EU Framework.
1. Develop a threat intelligence programme: Start by developing a comprehensive threat intelligence programme that covers all key areas, such as intelligence collection, analysis and dissemination. This will help you to better understand the threats facing your organisation and inform your red team testing activities.
2. Define your red team testing objectives: Next, define the objectives of your red team testing activities, taking into account the specific risks and vulnerabilities facing your organisation. This will help you to create a realistic and targeted test scenario.
3. Conduct a risk assessment: Conduct a risk assessment to identify the key assets, systems and data that need to be protected. This will help you to prioritise your red team testing activities and ensure that the most critical areas are tested.
4. Gather and analyse threat intelligence: Gather and analyse threat intelligence to inform the tactics, techniques and procedures used by the red team. This will help you to create a realistic and credible simulated attack.
5. Plan and execute the red team test: Plan and execute the red team test, following the guidance provided by the TIBER-EU framework. This will include preparing for the test, conducting the test and analysing the results.
6. Evaluate and improve your defences: Evaluate the results of the red team test, identify areas for improvement and implement remediation activities to improve your defences.
7. Repeat the process: Regularly repeat the red team testing process, using the latest threat intelligence, and updating your red team testing objectives, to ensure that your defences remain effective against evolving threats.
Why You Should Consider Using the TIBER EU Framework
The TIBER EU Framework is a proven model developed over several years and adopted by Europe. Although not yet made mandatory across the EU, financial institutions will benefit from its exercises in the following ways:
1. Improved Cyber Security Posture: The framework provides a comprehensive approach to managing cybersecurity risk, helping organisations identify, assess and mitigate risks. This can result in a stronger and more resilient cybersecurity posture.
2. Increased Confidence: By following the TIBER EU Framework, organisations can demonstrate to their customers, stakeholders, and regulators that they are taking the necessary steps to protect against cyber threats. This can increase the organisation’s confidence and ability to protect sensitive data.
3. Better Incident Response: The framework guides incident response, threat hunting and security monitoring. This helps organisations respond to security incidents more effectively and reduce the impact of a successful cyber-attack.
4. Alignment with Regulations: The TIBER EU Framework is aligned with relevant EU regulations, such as the General Data Protection Regulation (GDPR) and DPA 2018. By following the framework, organisations can ensure that they meet regulatory requirements and reduce the risk of regulatory fines.
5. Competitive Advantage: Organisations that adopt the TIBER EU Framework can gain a competitive advantage by demonstrating their commitment to cyber security and their ability to protect sensitive data.
There’s no doubt that the TIBER EU framework is valuable for organisations looking to improve their cyber security posture. By following its guidelines, businesses can reduce the risk of a successful cyber-attack and protect their data and assets.
Getting started with this framework can be a cumbersome process, but not with the right crew.
Risk Crew can design and deliver a systematic Threat Intelligence-based Ethical Red Team Test to test the security controls in your organisation. Start getting a significant and measurable return on your security investment by getting in touch with our qualified experts.