- The threat intelligence-led adversary attack simulation will test and determine the existing cyber resilience.
- Financial services industry will go through a series of exercises under the CORIE framework.
The Council of Financial Regulators (CFR) have launched a Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework. The software will check and demonstrate how institutions within the Australian financial services industry are equipped with cyber maturity and resilience. The CORIE framework has been specially designed to assist the ongoing preparation and execution of cyber resilience exercises throughout the financial services industry in the country.
Image source:©Kalkine Group
Objectives of the CORIE pilot program:
Most of the banks are equipped with cybersecurity measures as the cyber-attack trends are rising in frequency and sophistication. However, cyber risk is still one of the top dangers classified by the Council of Financial Regulators (CFR) towards the Australian financial system. Sophisticated criminals are continually attacking Australian Financial Institutions (FIs).
These illegal and harmful operations cause financial loss, reputation damages and most importantly, it impacts on the stability of the Australian financial markets and financial system. With such advanced threats lurking around the corner, financial institutions are required to build resilience which will allow its people, process and information system to adapt to ever-evolving cyber-attacks. According to CFR cybersecurity systems, therefore, cyber operational resilience must be proactive and not reactive.
Image Source: ShutterStock
Threat intelligence-led adversary attack simulation exercise:
Under CORIE framework's key objectives, the exercise will generate data and inform the relevant Australian regulators if found any systemic weaknesses. The assessment will help in finding a risk to the integrity and stability of Australian financial markets. The framework will also identify the suitable actions which will then strengthen the cyber resilience of financial institutions.
CORIE's exercises include tactics, techniques and procedures (TTP)s - a three-step method of real-life adversaries. It will also create and utilise tools and use the methods which have not been considered and planned for.
Based on these TTPs, the exercises will measure the capacity of financial institutions to detect, respond and recover if they come across any real-life cyber threat. The framework intends to build such scenarios that will test and demonstrate financial institutions' resilience level towards any kind of cyberattacks. Such activities have been conducted in the central banks in overseas jurisdictions as well.