TIBER, Threat Intelligence-Based Ethical Red teaming, is a binding framework developed by the European Central Bank to create resilience in the financial industry and achieve EU-wide standardization and mutual recognition of cyber tests. The regulatory framework complements other security standards that have not worked effectively enough – they have failed to reduce the amount of cyber-driven crime in the industry.

The framework is dynamic and focuses on gap analyses between the assets of the financial entity and relevant protection against the potential attacker. TIBER is driven by both the information value in the systems and the criticality of the systems themselves. Our work with TIBER is based on two parts: threat and intelligence analysis (threat intelligence) and intelligence-based penetration tests (red teaming). 

Throughout the process, we work closely with the customer's White Team, which together with our consultants ensures that all phases of the TIBER test are conducted in a controlled manner and do not expose the customer to unnecessary risks. Sweden’s central bank (Riksbank) also participates in the White Team.

Quick facts

  • Binding for the entire financial sector
  • Focus on the information in the systems
  • Threat and intelligence analysis
  • Red Team tests
  • Create safeguards

Unique certified competence

Denmark was first in the Nordic region to implement TIBER. As a strong player throughout the Nordic region, we have thus been involved in the work with TIBER for a long time and are one of very few suppliers who have actually conducted TIBER tests and are approved by Denmark’s central bank (Nationalbank). Now that TIBER is being put into service in Sweden, Sweden is basing its framework on Denmark's experiences, where we are a central partner. We have all the requisite experience to effectively guide our customers through the TIBER process in Sweden.

Threat intelligence

In the first step, threat intelligence analysis, we look at the value and liquidity of the information contained in the systems and system-critical functions. We map the potential attackers: who has an interest, and the capacity, to find and exploit the company's digital assets? We write detailed scenarios of how the attacks can be carried out; these scenarios increase efficiency, reduce risks, and guide the Red Team tests. With 15 years of experience in investigating advanced data breaches in the financial industry, we have the knowledge to make the assessment. The Threat Intelligence phase ends with a final report.

Simulation of attackers and Red Team tests

In the second step, we perform red team tests in which, under controlled conditions and in close dialogue with the customer and the White Team, we carry out the scenarios documented in the Threat Intelligence delivery. The tests are documented in a final report.

When these two parts are completed, the results are evaluated with Riksbanken. Thereafter we can offer the customer the opportunity to jointly go further and set up safeguards based on the results generated.

Why choose Combitech?

  • Combitech's services cover all parts of the TIBER framework including preparatory services prior to the tests.
  • Our staff has extensive experience in investigations of hacking and economic espionage in the financial industry.
  • We have expertise from both civilian and military intelligence operations and use methods from both to deliver the best results.
  • We can take full supplier responsibility and can perform both threat intelligence analysis and red teaming – a unique combination.
  • We are a Nordic team and can work in all the Nordic languages.
