
"Taking 2025's most prominent findings from 13 CBEST assessments and regulator-backed pentests for finance businesses, BoE found weaknesses like poor access controls and passwords were common among businesses and financial management infrastructures (FMIs). From a technical perspective, misconfigured and inconsistently patched systems were highlighted as recurring issues, as were mechanisms for detecting potential intrusions and vulnerabilities. The report noted: "Given the sophistication of some attackers, it is important that firms and FMIs are prepared to handle breaches effectively, rather than relying solely on protective controls.""
"CBEST assessments revealed that criminals using social engineering tactics could bypass controls when targeting organizations with a poor security culture. Assessors believe that phishing could be successful in some cases, and that staff revealing sensitive information through social media and job descriptions was a realistic possibility. FMIs that did not have strict protocols for their helpdesks, such as verifying the identity of callers, were also vulnerable to attackers who fraudulently accessed legitimate credentials."
CBEST assessments and regulator-backed penetration tests of 13 financial firms and financial market infrastructures (FMIs) in 2025 identified widespread failures in basic cybersecurity hygiene. Weak access controls and poor password practices were common across both firms and FMIs. Technical problems included misconfigured systems, inconsistent patching, and inadequate mechanisms for detecting intrusions and vulnerabilities. Social engineering and phishing posed realistic risks where security culture, staff awareness, and training were weak, and staff disclosing sensitive information through social media and job descriptions added to that exposure. Helpdesks without strict caller identity-verification protocols allowed attackers to fraudulently obtain legitimate credentials. National cybersecurity authorities noted that these attack styles align with those of known threat groups, and the report stressed that firms and FMIs must be prepared to handle breaches effectively rather than relying solely on protective controls.
Read at The Register