A new security framework, developed by the Council of Financial Regulators (CFR), that focuses on cyber resilience and maturity assessments is hitting the financial services world very soon. This approach, known as the Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework, is in early pilot stages, but is set to take the world by storm when it settles into what’s considered normal operations.
CORIE builds on the proactive nature of Red Team Attack Simulation and provides financial services organisations with a step-change methodology for baselining and improving their cyber defences. At its heart, CORIE builds on the well understood discipline of adversary simulation and creates a solution fit for the rigorous testing needed by financial services organisations now and into the future.
Here’s what we think you need to know:
- It’s a whole better way of using Red Teaming – think like the criminal.
- We focus on how to prevent the worst-case scenario – it’s objective led.
- It helps better answer management’s hardest question – could this happen to us?
- The techniques an attacker will use to target you define the testing approach – Threat Intelligence provides leverage to the defender.
- Bespoke attack simulations are used to mimic the attacker tradecraft – understanding the motives and capability of the enemy is key.
Where has the CORIE Framework come from?
- The CORIE framework has been created and launched by APRA/RBA. It will soon be mandatory for Financial Institutions (FI) to use.
- Its aim is to focus efforts on how far a realistic attacker can go towards impacting your business operations and cause a significant impact to you.
- Infamous attacks over the last few years, coupled with the constant increase in attacker capabilities, means our industry MUST move towards objective based adversarial simulation attacks to test an organisation’s effective defence posture.
- Threat Intelligence has become a credible weapon in our arsenal to identify the most likely threat actor and techniques criminals will use against your organisation.
Sekuro can now perform Red Team engagements aligned to the CORIE Framework.
We use adversarial attack simulations to:
- Help you test your defences against such attacks and the real impact on your business
- Provide visibility on the critical gaps in your security posture
- Highlight the effective controls and processes you are doing that must continue
- Prioritise where you spend budgets and resources to make improvements across the entire attack lifecycle
- Measure the effectiveness of your current controls against a realistic attacker
Get excited about the CORIE Framework, it’s going to be big. For more information, contact Sekuro today to talk to an expert.