Cyber Wednesday - TIBER-IT: the initiative for greater cyber resilience of the Italian Financial Sector
The monthly roundup of news and trends from the Cyber Security market, by STIM Tech Group's CyberSec team
Today's intricate and dynamic digital world has brought the financial sector to the center of increasingly sophisticated cyber threats. The digitization of business models, intensification of service offerings and increasing interconnectedness have made this sector a prime target for cyberattacks. Faced with this reality, there is an emerging need for innovative and rigorous measures to counter these threats.
In previous installments, we had the opportunity to learn more about the NIS2 directive and DORA, the latter aimed primarily at the financial market. Alongside these two very important instruments, there is now also TIBER-IT.
TIBER-IT: what it is and what it involves
TIBER-IT is a joint initiative of the Bank of Italy, Consob and IVASS aimed at fortifying the cyber resilience of Italian financial entities. Based on the TIBER-EU model, a framework harmonized at the European level, TIBER-IT offers a concrete solution: advanced cybersecurity testing called Threat-Led Penetration Testing (TLPT).
The ultimate goal is twofold: to strengthen the defense capability of each entity and, as a result, to protect the integrity of the entire financial system.
Participation in TIBER-IT is voluntary. However, the authorities involved do not just provide guidance: they offer active support to entities that decide to undergo testing, ensuring their compliance with regulations and promoting cross-border recognition of the test when necessary.
Threat-Led Penetration Testing
But what is Threat-Led Penetration Testing? TLPTs are essentially simulations that aim to mimic the techniques and tactics of real adversaries, allowing financial entities to identify, in a controlled environment, vulnerabilities and weaknesses in their systems.
TIBER-IT national guide: an essential tool
The TIBER-IT National Guide plays a key role in this process. It not only defines the methodology and operational model for TLPTs, but also details the steps in the testing process, clarifying the roles, responsibilities, and activities of all actors involved.
A crucial element of the initiative is the TIBER Cyber Team Italy (TCT), a specialized center of expertise. Made up of experts from the Bank of Italy in collaboration with those from Consob and IVASS, the TCT offers essential support to financial entities, guiding them in the use of the new methodology.
In summary, as cyber threats continue to evolve, initiatives such as TIBER-IT represent significant steps toward greater resilience and security. With the combination of technology, inter-institutional cooperation and proactive engagement, Italy is well positioned to meet the cyber challenges of the future while ensuring the security and efficiency of its financial system.
DORA and TIBER-IT: a parallelism
DORA and TIBER-IT are thus two initiatives aimed at protecting and optimizing the digital resilience of companies. But what are the differences?
First of all, while TIBER-IT provides a voluntary approach for entities that decide to undergo TLPT testing, DORA could establish more stringent and uniform requirements at the European level, ensuring that more financial entities adopt rigorous testing measures.
In addition, with the implementation of DORA, we are likely to see an evolution in testing methodology. The Directive could promote the adoption of harmonized standards and the sharing of best practices among member states, thereby increasing the overall effectiveness of penetration testing.
Another relevant aspect relates to cross-border cooperation: while TIBER-IT emphasizes cross-border recognition of tests, DORA could further boost collaboration between national authorities, ensuring that test results are recognized throughout the European Union and promoting a more unified approach to cybersecurity.
In conclusion, the combination of initiatives such as TIBER-IT and directives such as DORA underscores the growing importance of penetration tests in the European cybersecurity landscape. In the near future, we can expect such tests, particularly TLPTs, to become even more sophisticated, targeted, and integrated, providing greater protection to the financial sector against cyber threats.