The Council of Financial Regulators (CFR) released a framework in December 2020 that is used to build red team scenarios to test the level of Australian financial services industry’s cyber resilience. A proactive stance to cyber security is required to maintain information security capability that commensurates with the size and extent of the threats its information assets face.
The Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework is a pilot programme of exercises that will mimic the Tactics, Techniques and Procedures (TTPs) of real-life adversaries, creating and utilising tools, and using techniques that may not have been anticipated and planned for. Also known as red team exercises, these help Financial Institutions(FI) stay competitive and secure by leveraging an unbiased view, and by third-party providers mimicking real-world Advanced Persistent Threats (APTs).
The pilot program will focus on the following objectives:
• Provide data and information to inform relevant Australian Regulators of systemic weaknesses that may present a risk to the integrity of the Australian financial markets and financial system.
• Assess FI’s resilience to known adversaries targeting the FI.
• Provide the relevant Regulator and FI with a plan of remediation to address any identified weaknesses.
“Few would now dispute that cyber security is a core part of business hygiene. With the forced virtualisation of our lives following the COVID outbreak, the need for security professionals and security-minded business leaders has jumped even further.” – Romain Rallu, CEO of Privasec