FirstBank: hackers breached system in three years

May 13, 2024
1 min read

TLDR: FirstBank Hires Hackers to Breach Systems

Key Points:

  • FirstBank’s CISO hired hackers to attack its systems over three years to test vulnerabilities.
  • The red team succeeded in compromising the bank’s systems after a three-year exercise.

Article Summary

FirstBank’s chief information security officer, Brenden Smith, shared a case study at the RSA Conference about hiring hackers to attack the bank’s systems. The professional hackers, part of a red team from a company called Randori, attempted to breach FirstBank’s systems over a three-year exercise.

The initial attacks were difficult to detect, as the hackers exploited undiscovered vulnerabilities in the bank’s systems. Despite multiple attempts, the red team did not accomplish their objectives until three years into the exercise when they successfully breached the bank’s systems using an IoT device with a zero-day vulnerability.

Smith emphasized the value of continuous red team exercises in improving cybersecurity measures. The exercise highlighted weaknesses in the bank’s security systems, providing valuable lessons for the institution. Additionally, Smith stressed the importance of realistic simulations to prepare for potential cyberattacks.

Overall, the article underscores the significance of proactive security measures and the benefits of long-term red team exercises in enhancing cybersecurity for financial institutions like FirstBank.

Latest from Blog

Top 3 Cybersecurity Stocks for May 2024 Buy Now

TLDR: Key Points: Cybersecurity stocks are using AI to enhance their platforms Top cybersecurity stocks to buy now include Crowdstrike, Fortinet, and Palo Alto Networks Article Summary: The cybersecurity market is booming

Get Secure: Know the Basics of Cloud Security Fundamentals Now

TLDR: Cloud security fundamentals are essential for data protection, regulatory compliance, and access management in a cloud environment. Key fundamentals include identifying assets, implementing security controls, conducting risk assessments, managing user access