Financial Firms Are Failing Basic Cybersecurity, Bank of England Finds

The Bank of England’s CBEST assessments found widespread failures in basic cyber hygiene across financial firms and financial market infrastructures, with gaps in patching, hardening, identity and access control, detection, encryption, network security, incident response, and staff training. The report urges firms to address root causes through sustained measures—such as stronger credential management, multi-factor authentication, network segmentation, risk-based remediation, and improved threat intelligence planning—to build lasting resilience. #BankOfEngland #CBEST

Key points

  • CBEST assessments identified pervasive basic cybersecurity failings across financial firms and FMIs.
  • Technical weaknesses include unpatched systems, inconsistent endpoint hardening, and lack of data-at-rest encryption.
  • Identity and access control issues include weak passwords, insecure credential storage, and excessive privileges for admin/service accounts.
  • Detection, monitoring, and network segmentation are often inadequate, reducing the ability to detect and respond to attacks.
  • The BoE recommends patching and hardening, MFA and credential management, risk-based remediation, better threat-intel planning, and improved staff training.

Read More: https://thecyberexpress.com/financial-firm-cybersecurity-lacking-boe/