Cybersecurity Audit and Pentesting for Banking
A team of cybersecurity experts provided consulting and penetration testing services for an international bank. Our engineers conducted a thorough security audit of the client’s core banking system (CBS), the most common CBS in the country, used by many banks. Our experts found both technical and business-process-related vulnerabilities and provided the client’s IT security department and the developers of that system with an extensive report. As a result, the work of our cybersecurity team benefited not only our client but also the many banking institutions that rely on that system to serve their customers.
The client was a well-known banking institution with branches all over the world. We worked with a local branch of the company. Since they needed assistance with regulatory compliance and their overall security maturity level, they also asked us to test their security infrastructure.
The client reached out to us with a request to verify their security infrastructure and policy in order to become compliant with all regulations and security standards required in the banking industry. They asked our team to test access points, the level of sensitive data confidentiality, and the overall level of system resilience against cyberattacks.
In the course of a thorough IT security audit, the team of cybersecurity specialists (technical experts, IT auditors, finance experts, and psychologists) applied the methods of penetration testing and social engineering. Our check revealed that the system was well protected overall, but there were still areas for improvement. The team identified certain security gaps whose exploitation would allow an intruder to violate confidentiality and retrieve classified data, including their customers’ personal information such as secret words, password hashes, etc. We found vulnerabilities both in their software for internal use and in the client-server application. Social engineering methods helped us evaluate the overall level of security awareness among personnel and assess how likely the bank’s employees were to be involved in malevolent actions.
The client received our recommendations on what to improve in their systems. In addition, the vulnerability data we passed to the developers of their core banking software led to an update for all banks in the country using that system at the time.