Fintech Finance presents: The Fintech Magazine 21

Page 88

FINTECH FOCUS: CYBERSECURITY

The TIBER framework is different to many earlier cybersecurity testing procedures. Instead of working in an isolated environment, separate from main operations, TIBER is live. Providing far more meaningful results, TIBER tests companies’ systems in the real world. This adds a level of risk that must be managed meticulously, both by the organisation and its testing provider. The consequences of not doing so are serious.

CBEST was the first testing framework to operate in a live environment. Specialist red teams have been highly trained (and CREST-accredited) to deliver CBEST testing that’s secure, legally compliant, and ethical. At Nettitude, we believe the TIBER framework must learn from this high level of service.

So, finding the right TIBER test provider for your financial organisation is crucial. You’ll want a secure test, but there’s huge value in knowing how to act on the results to protect your operations. An obvious question exists: should you opt for a local provider in your country or choose a larger, global tester? We consider both here.

GOING LOCAL…

Firms should consider their choices carefully when asking a company to punch a big hole in their cyber defences to test their resilience. Here, Nettitude’s Anthony Long, Head of Threat Intelligence & Advisory Consulting, outlines the options.


It can be tempting to keep TIBER testing local. A familiar provider in the same country can seem reassuring. If timelines are tight, engaging an existing provider will be faster than appointing a new one. They’ll already know how you operate and won’t have language differences or limited cultural insight. But local testing providers are, by their very nature, smaller operators. When handling live TIBER testing, this is a risk. Generally, local operators have less testing experience, smaller teams and fewer qualified individuals. Also, their knowledge of cybersecurity beyond finance could be limited. This might not seem significant, but they’ll lack the broader insight of new and emerging risks that financial organisations and their regulators are yet to consider. A local TIBER tester could seem like the more convenient option. But you might find it’s a less safe one.

OR GLOBAL…

Just like many financial organisations, global TIBER test providers operate in many countries. Global banks and other

