InfoSecBulletin Cybersecurity for mankind
The European Union’s central bank will perform its first cyber resilience stress test on 109 banks under its supervision in 2024. The test will evaluate the banks’ capacity to handle a cyber-attack successfully, rather than just preventing it.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
The ECB evaluated banks’ IT risk management in November 2023 and found little progress in the sector. This announcement follows that evaluation.
It found “serious supervisory concerns that confirm the need to continue on-site inspections in conjunction with tailored discussions between banks and supervisors.”
How Will the Cyber Resilience Stress Test Work?
In the stress test scenario, a cyber-attack will have successfully disrupted the bank’s daily business operations. Supervisors will watch the bank’s response and recovery measures, including their ability to activate emergency procedures and restore normal operations.
Additionally, 28 banks will go through a more detailed evaluation, where they will need to provide additional information about how they dealt with the cyber-attack.
This will also check if there is enough coordination with other supervisory activities. These 28 banks represent various business models and geographies to reflect the euro banking system.
Supervisors will discuss the stress test results and lessons with each bank as part of the 2024 Supervisory Review and Evaluation Process, which evaluates a bank’s risk profile. The main findings will be published in summer 2024.
In October 2023, Lloyd’s of London predicted that a cyber-attack on a major financial services payment system could cause global economic losses of $3.5 trillion.
