The UK's annual cybersecurity review for 2025 indicates that financial organizations continue to struggle with basic cybersecurity safeguards, despite years of regulation. The latest findings come from the CBEST report, co-authored by the Prudential Regulation Authority, Financial Conduct Authority, and the Bank of England. These assessments highlight recurring vulnerabilities that leave sensitive financial data at risk, as reported by The Register.The 2025 CBEST report, analyzing 13 assessments and regulator-backed penetration tests, identified common weaknesses such as poor access controls, weak passwords, misconfigured systems, and inadequate intrusion detection mechanisms among financial businesses and financial market infrastructures (FMIs). Social engineering tactics, including phishing and staff inadvertently revealing sensitive information, were highlighted as significant threats, particularly when combined with a poor security culture. Attackers can exploit these vulnerabilities to bypass controls and gain unauthorized access. The report also noted that FMIs with lax helpdesk protocols are susceptible to credential theft. The National Cyber Security Centre (NCSC) linked these attacks to groups like Scattered Spider, known for using social engineering to exploit trust within organizations.The persistent nature of these cybersecurity gaps, many of which mirror issues from previous years, underscores a need for enhanced resilience and a more integrated approach to security. While improvements in areas like multi-factor authentication are noted, the review emphasizes that technical measures alone are insufficient.Source: The Register
Security Operations, Risk Assessments/Management
UK financial sector cybersecurity review reveals persistent weaknesses

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



