Finance: Evolving From CBEST to Risk-Based Cybersecurity
Moving ahead CBEST compliance to a more proactive and risk-based approach to improve the overall cybersecurity posture.
Global | Financial Services | B2B
Our client is a centuries-old financial institution with customers worldwide and 2,500 employees. Operating in a highly regulated industry, it faced mandatory CBEST compliance every 2-3 years.
To get ahead of their requirements, the client hired CovertSwarm to implement a more proactive and risk-based approach and improve their overall cybersecurity posture.
The client's initial concern was that, even in the heavily regulated financial sector, its compliance with the CBEST framework (every 2-3 years) wasn't enough to address the potential gaps of a constantly evolving organization.
Because the CBEST framework focuses solely on known vulnerabilities, they wanted to get ahead of this requirement by transitioning from periodic CBEST assessments to a constant risk-based approach integrated into their security posture and covering the entire organization.
The goal was to elevate their security posture by moving from standard pen testing, which focused on known vulnerabilities, to a full-scope cyber attack simulation mimicking an Advanced Persistent Threat (APT). This aims to find unknown vulnerabilities and help them mitigate these risks before a bad actor could exploit them.
Attack Chain 1:
The initial process began by following our standard OSINT (Open-Source Intelligence) procedures. During the initial OSINT analysis, CovertSwarm experts provided additional context while also finding previously unidentified risks, including dangling DNS records, which were immediately communicated to the client and remediated within hours.
From here, CovertSwarm tested their digital estate, including both their largely secure external perimeter and their internal perimeter, where an assumed-compromise exercise was carried out against their Crown Jewels estate.
During this simulated attack, CovertSwarm gained access to their key infrastructure and built a custom payload that bypassed their Endpoint Detection and Response (EDR) product, SentinelOne.
We were then able to install Command and Control (C2) infrastructure and successfully exfiltrate data.
As a result of this one attack, the client implemented improvements to their Security Operations Center (SOC), Security Information and Event Management (SIEM) rules, firewall, Endpoint Detection and Response (EDR) and overall security process.
Subsequently, when the attack was repeated, it was unsuccessful.
Attack Chain 2:
For our next attack, CovertSwarm sent two separate teams to attempt to gain unauthorized access to the client's building, a highly secure and visible building in the city.
During this attack, CovertSwarm was able to view IT equipment, secure information, and position themselves to steal hardware and infrastructure, all while evading detection and expulsion by the client’s significant physical on-site security team.
A full debrief was conducted with the client, explaining the nature of the attack and how CovertSwarm was able to subvert their processes.
Three months later, CovertSwarm replayed the attack but was unable to breach the building, proving that the guidance and mitigation had worked to improve their security.
Even when given assumed-compromise access inside the building, the team was successfully challenged and expelled.
After both attacks were carried out by CovertSwarm (we have now carried out dozens), we were able to identify risks, work with the client to remediate them, and then confirm that each risk had been mitigated, giving reassurance on their cybersecurity posture.
After working with CovertSwarm for about 10 months, and because of the constant breaches and resulting improvements to their security posture, the client has now doubled their subscription with us.
The CovertSwarm team has created a different dynamic, pushing the client's internal team forward and testing their cybersecurity strategy. This gives the company constant reassurance about its posture and investments, while CovertSwarm also covers all of their compliance and regulatory requirements.