From Tabletop To Turnkey: Building Cyber Resilience In Financial...
Financial institutions are facing a new reality: cyber-resilience has moved from being a best practice to an operational necessity, and now to a prescriptive regulatory requirement.
Crisis management, or tabletop, exercises were for a long time relatively rare in the context of cybersecurity. They have now become mandatory for FSI organizations in several regions as a series of regulations has introduced the requirement, including DORA (Digital Operational Resilience Act) in the EU; CPS230 / CORIE (Cyber Operational Resilience Intelligence-led Exercises) in Australia; MAS TRM (Monetary Authority of Singapore Technology Risk Management guidelines); FCA/PRA Operational Resilience in the UK; the FFIEC IT Handbook in the US; and the SAMA Cybersecurity Framework in Saudi Arabia.
What makes complying with these regulatory requirements complex is the cross-functional collaboration they demand between technical and non-technical teams. For example, simulation of the technical aspects of the cyber incident - in other words, red-teaming - is required, if not at precisely the same time as the tabletop exercise, then certainly within the same resilience program, in the same context, and with many of the same inputs and outputs. This coupling is most explicit in the regulations based on the TIBER-EU framework, particularly CORIE and DORA.
As requirements become more prescriptive and best practices become more established, what used to be a tabletop exercise driven by a simple Excel file - a short series of events, timestamps, personas and comments - has grown into a collection of scenarios, scripts, threat landscape analyses, threat actor profiles, TTPs and IOCs, folders of threat reports, hacking tools, injects and reports. All of these must be reviewed, prepared, rehearsed, played, analyzed, and reported on at least once per year, if not per quarter, if not continuously.
While Excel is a stalwart in each of the cyber, financial, and GRC domains, even it has its limits at these levels of complexity.
Over the past several years, Filigran has advanced OpenAEV to the point where you can design and execute end-to-end scenarios that blend human communications with technical events. Initially launched as a crisis simulation management platform, it later incorporated breach & attack simulation and has since grown into a holistic adversarial exposure management platform, providing a unique capability to assess both technical and human readiness.
There are many advantages to blending these two capabilities into one tool. For a start, it greatly simplifies the preparation
Source: The Hacker News