    Original content: Global Banking and Finance Review - https://www.globalbankingandfinance.com

    Break the Hackers, Not the Banks: The Cbest Framework for the Financial Sector

    Published by Gbaf News

    Posted on September 8, 2015

    Last updated: January 22, 2026


    Hadi Hosn, Head of Security Strategy and GRC, Dell SecureWorks EMEA

    Cyber attacks seem to hit the headlines every day, affecting businesses across all regions and industries. It’s not surprising that the financial sector, which holds a wealth of sensitive data, has become one of the main targets, with large UK-based financial institutions falling victim to hackers this year. Following the attack on Sony Pictures last year, a number of financial institutions organised a dummy run on their networks using controlled malware to test their cyber security; the results left them fearful for their security measures and these businesses realised the need to further develop their defences. This is where the CBEST framework comes into play.

    CBEST was established by the UK Financial Authorities (Bank of England, Her Majesty’s Treasury and the Financial Conduct Authority) to provide a set of criteria against which financial institutions can test the strength of their security procedures. Under this scheme, cyber security vendors work closely with financial institutions and help them develop best practices which prevent and minimise cyber-attacks, testing critical assets without harming or damaging the institution. For those who haven’t yet committed to the scheme, understanding CBEST may be a little overwhelming – but it should not be. CBEST can be broken down into two simple parts: the information phase, and the penetration phase. Below, we will take a look at what both stages involve and what organisations starting out through the process can expect.

    Gathering the facts: the information phase

    It is vital that organisations understand how publicly available information can be used against them. In the CBEST framework, gathering open source intelligence (OSI) demonstrates how hackers can tailor their approach to ensure that they get access to privileged data. For example, a hacker may choose to infiltrate the human resource department of a national bank, and will begin by profiling the head of department with information available through LinkedIn. The threat actor will be able to see their target’s contact details, their business associates, and the companies they work with. A trawl through Twitter might reveal the target’s interests and industry events that he or she has recently attended. This information, combined with other tools, can help to form the basis of a very effective social engineering campaign.

    Businesses also need to understand the wider perspective of the cyber security industry, and how current trends can influence hackers to tailor their approach. Within the CBEST framework, this is where intelligence gathered by specialised security companies providing threat intelligence capabilities comes into play. Security service providers can offer the best advice possible if they have the very latest, most up-to-date information to hand. This cyber threat intelligence is built up over years of experience and research, and given that CBEST security providers should aim to present their findings within four to six weeks, this experience will play a significant supporting role to the OSI carried out by the security provider. The key objective of the specialised Threat Intelligence is to determine the Threat Groups that would actively target the financial institution and their associated tactics, techniques and procedures (TTPs).

    Making a test run: the penetration phase

    Once the security vendor has gathered and consolidated its research, it can then work together with a Testing provider to create an exemplar scenario for the bank to run against its systems, demonstrating the effectiveness of hackers. For example, sophisticated organised crime groups use spear-phishing emails to deliver remote access trojans to an endpoint, steal credentials and gain a foothold on the systems of those who have responsibilities in the payments workflows. This allows them to steal large amounts of money by initiating, reviewing and approving transactions from the machines of those responsible without them ever knowing. The testing organisation will replicate this threat scenario and try to demonstrate to the financial institution that the above is possible.

    Developing future security strategies

    After the test scenario is completed, the institution and the cyber security firms sit together with the findings to discuss next steps. At this stage, open communication is an essential part of the process; the security firm must feel comfortable discussing the flaws and faults in the financial institution’s network in a frank and open manner, whilst the financial institution must be ready to make best use of the improvement opportunities available. It is critical to have a feedback loop and improvement programme as a deliverable from these engagements to ensure the financial institution continuously improves and evolves security controls across the organisation.

    With so much at stake, getting cyber security right is essential to protect the assets of millions of customers across the world. The best way of doing this is by being willing to share information and create a platform for discussion between institutions and vendors. Financial institutions must also be ready to make best use of the insight provided through CBEST and other frameworks to make the right improvements for the future. Whether that means training employees on cyber security, deploying new firewalls or hiring a managed security service provider, this opportunity allows them to develop an informed strategy which protects both their assets and their reputation.
