TLDR: FirstBank Hires Hackers to Breach Systems
Key Points:
- FirstBank’s CISO hired hackers to attack its systems over three years to test vulnerabilities.
- The red team succeeded in compromising the bank’s systems after a three-year exercise.
Article Summary
FirstBank’s chief information security officer, Brenden Smith, shared a case study at the RSA Conference about hiring hackers to attack the bank’s systems. The professional hackers, part of a red team from a company called Randori, attempted to breach FirstBank’s systems over a three-year exercise.
The initial attacks were difficult to detect, as the hackers exploited undiscovered vulnerabilities in the bank’s systems. Despite multiple attempts, the red team did not accomplish their objectives until three years into the exercise when they successfully breached the bank’s systems using an IoT device with a zero-day vulnerability.
Smith emphasized the value of continuous red team exercises in improving cybersecurity measures. The exercise highlighted weaknesses in the bank’s security systems, providing valuable lessons for the institution. Additionally, Smith stressed the importance of realistic simulations to prepare for potential cyberattacks.
Overall, the article underscores the significance of proactive security measures and the benefits of long-term red team exercises in enhancing cybersecurity for financial institutions like FirstBank.