FINOS Tabletop Exercise at Open Source in Finance Forum, London to Assess and Improve FSIs' Readiness for Cloud-Native Threat Detection and Response

The Why

How prepared do Financial Services Institutions (FSIs) feel regarding cloud native threat detection and response? 

As part of its continuous effort to identify and address challenges across its member base, the Fintech Open Source Foundation (FINOS) and Silver member ControlPlane decided to focus on cloud native incident response readiness and address that question pragmatically and engagingly.

The How

The Foundation and ControlPlane decided to organize, author and deliver the first FINOS cloud native incident response tabletop exercise (TTX) at the Open Source in Finance Forum held in London in June 2024. A core team of senior security representatives from global FSIs was assembled to partake on site.

The TTX was a 90-minute gamified, highly interactive, and engaging session. Both technical and non-technical security professionals were guided through the exercises and had the opportunity to contribute to a live, end-to-end security incident simulation. The core team brought diverse perspectives, past experiences, and skill sets whilst gaining insights from each other behind closed doors, under Chatham House rules. 

The Findings

FINOS and ControlPlane compiled and presented several key findings during the keynote at the end of the day. 

#1 The confidence in cloud native incident response readiness is lower across the board compared to traditional on-prem. Generally, this was seen to be due to: 

• Regulated industries often find cloud native adoption more challenging than less-regulated or non-regulated industries.
• The fast-paced environment with different permutations of shared responsibilities and operating models
• Cloud native adoption is difficult to synchronize with traditional maturing detection and response capabilities.

#2 Context is everything

• It starts with data classification and business impact analysis for the affected systems
• Confirming or denying the threat is always first priority
• Assessing the blast radius is imperative for understanding the potential additional impact on critical financial applications

#3 Ensure the right people are in the right roles

• A secure organization must be staffed properly at all tiers of the incident response function (analysts, engineers, incident response managers, etc.) with well-established communication channels
• It is not easy to find a balance between technical and soft skills and maintain those whilst under pressure
• FSIs recognise the need to invest in training their staff and rehearse incident response runbooks

#4 Establish a healthy transparency when communicating internally and externally

• Trust is achieved through transparency, especially in regulated industries 
• Internal teams must be allies and understand their critical role in the response process
• Cyber Threat Intelligence (CTI) in the financial sector can provide valuable information to internal teams responsible for drafting communications to downstream customers

#5 Response runbooks are good, but test and ensure they satisfy both technical and business needs

• Rehearsing response runbooks is more beneficial than detailing each step
• Runbooks must be aligned with business needs and mission, and take into account business impact for each step

#6 Don’t assume. Challenge your thinking each step of the way and ask the right questions

• Assumptions undermine the development of a sound context
• Especially for critical financial systems, each decision must be informed by objective facts rather than personal opinions
• Regularly validate information and actions to ensure accuracy; avoid assumptions that can lead to missteps

ControlPlane's thoughts as a FINOS Member

ControlPlane relishes in helping our heavily regulated customers embrace next generation technologies safely and securely, and it welcomed this great opportunity to lead a tabletop exercise assessing FSI incident response readiness against modern, evolving threats.

A diverse core team of ten exceptional senior security professionals was formed from large multinational banks, hedge funds, and trading organizations. Each member brought their unique background, past experience, current challenges, concerns, and approaches to incident response for business-critical applications. 

With FINOS Members’ most pressing issues at top of mind, and leveraging an extensive offensive and defensive security field expertise, ControlPlane built the TTX scenario based on cloud native infrastructure and open source software supply chain, a recognized threat vector that the sector acknowledges it is not fully prepared for. Through these discussions, ControlPlane reaffirmed actionable insights, techniques and best practices that strengthen incident response strategies for cloud native business-critical deployments across the financial sector and improve cyber resilience against modern and sophisticated threats. 

If you would like to run your own TTX or learn how ControlPlane has enabled multinational financial institutions to rapidly and securely embrace cloud native technologies, open source software, and agile ways of working then please reach out via solutions@control-plane.io, and register for the next TTX at the Open Source in Finance Forum in New York on Sept. 30th and Oct. 1st.

Authors: Gabriele Columbro, FINOS Executive Director and Francesco Beltramini, ControlPlane’s Head of Technical Solutions.