As technology continues to advance at an unprecedented pace, the financial sector faces increasing risks and challenges in safeguarding sensitive data and ensuring the security of critical systems. In response to this evolving threat landscape, the European Central Bank (ECB) and the European Union Agency for Cybersecurity (ENISA) introduced a groundbreaking framework known as TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union). TIBER-EU serves as a comprehensive cybersecurity resilience framework specifically designed to bolster the defenses of financial institutions across the European Union.
TIBER-EU represents a proactive and collaborative approach to cybersecurity resilience testing within the financial sector. It is built on the principles of threat intelligence, ethical hacking, and red teaming to evaluate and enhance the effectiveness of an organization’s cybersecurity posture. The framework aims to simulate real-world cyberattacks, allowing institutions to identify vulnerabilities and implement necessary improvements in a controlled and secure manner.
a) Enhanced Preparedness: TIBER-EU enables organizations to identify and address cybersecurity weaknesses proactively. By simulating realistic cyberattacks, organizations gain valuable insights into their vulnerabilities, allowing them to fortify their defenses and improve incident response capabilities.
b) Collaboration and Knowledge Sharing: The framework encourages collaboration between organizations, ethical hackers, and cybersecurity experts. This collaboration fosters knowledge sharing and the exchange of best practices, ultimately strengthening the collective resilience of the European Union’s critical infrastructure.
c) Standardization and Certification: TIBER-EU establishes a standardized approach to cybersecurity testing, ensuring consistent methodologies and high-quality assessments. The framework also provides the possibility of certification, demonstrating an organization’s commitment to cybersecurity and providing reassurance to stakeholders.
d) Regulatory Compliance: TIBER-EU aligns with various regulatory requirements, including the Network and Information Systems (NIS) Directive and the European Central Bank’s guidelines. By implementing the framework, organizations can fulfill their obligations under these regulations and demonstrate compliance.
The Bank of Italy, Consob and IVASS have jointly adopted the TIBER-IT national guide. The Guide constitutes the national transposition of the TIBER-EU framework.
TIBER-IT was adopted with a view to financial stability, within the competences that the legal system entrusts to the three Authorities regarding the stability, efficiency and competitiveness of the financial system, as well as the supervision of the regular functioning, reliability and efficiency of the payment system.
If your organization operates in the financial sector and you want to have your infrastructure tested in line with the TIBER-EU framework, contact us.