Banks’ Cyber ​​Intelligence Assessment

Bank Security
3 min readJun 30, 2020

--

Top 30 questions to understand the maturity of your Cyber Intelligence program

  1. Adversaries — What adversaries are likely to target financial services organizations?
  2. Financial (Motivation) — What are the financial motivations for targeting banks or financial services organizations?
  3. Nation State (Motivation) — What nation-state agendas may result in the targeting of financial services organizations?
  4. Ideological (Motivation) — What are the political, social, economic and ideological motivations for targeting financial services organizations?
  5. Malware & Tools — What malware or tools are likely to be used to target financial services organizations?
  6. Tactics, Techniques, and Procedures (TTPs) — What TTPs are likely to be used to target the financial services organization? What tactics are used to gain initial access, dumping credentials, move laterally and exfiltrate data against financial organizations?
  7. Services and Enablers — What external or associated support might adversaries leverage in their operations? (e.g. MaaS, Exploit Kits, Spam Service)
  8. Criminal Forum Activity — What financial fraud related activity can be observed on underground forums, markets, or messaging applications? What financial customer data can be observed on underground forums, markets, or messaging applications?
  9. Indicators — What infrastructure, resources, or indicators of compromise are associated with activity targeting financial organizations?
  10. Critical Business Data — What types of critical business data are adversaries likely to target at financial services organizations?
  11. Sensitive Data — What types of sensitive financial data, strategic business documents and personally identifiable information (PII) are targeted by adversaries?
  12. Critical Business Processes — What types of critical business processes (e.g. procurement processes, finance, IT, HR) are adversaries likely to target or exploit at financial services organizations?
  13. Critical Business Infrastructure — What common business infrastructure, OS and applications is the adversary likely to target or exploit at financial services organizations?
  14. Vulnerabilities — What vulnerabilities are being exploited to target
    organizations?
  15. Monetization — How are adversary operations monetized?
  16. Individuals — What are the cyber threats targeting the organization’s executives, employees and customers?
  17. Customer Financial Data — What are the cyber threats to customer financial account information?
  18. Loan Fraud — What fraudulent activity can be associated with loans and credit-related processes?
  19. Payment Cards (Debit/Credit) — What fraudulent activity can be associated with payment cards?
  20. Identity fraud — What tactics and techniques are adversaries using to conduct identity fraud?
  21. Account Takeover — What fraudulent activity can be associated with account takeover?
  22. Identity Theft — What fraudulent activity can be associated with individual’s identities?
  23. Phone Number Porting/Hijacking — What fraudulent activity can be associated with phone number porting?
  24. ATM — What are the cyber threats to ATMs and their related networks?
  25. Geo-political events — How could geo-political events or initiatives impact organizations and their employees operating in various regions of the world?
  26. Data Exposure and Breaches — What data exposures and breaches have been observed for organization in the financial services sector?
  27. Mobile Applications — What are the cyber threats to mobile bank applications?
  28. Point of Sale (PoS) — What are the cyber threats to Point of Sale systems?
  29. Technology Supply Chain — What are the cyber threats to the Technology Supply Chain?
  30. Insider Threats — How do you monitor insider threats?

FOLLOW ME ON TWITTER:
https://twitter.com/Bank_Security

--

--