Immersive's Threat Intelligence Labs Help HSBC Reduce Cyber Risk

Organizational Background

HSBC is one of the world’s largest banking and financial services organizations, serving more than 40 million customers worldwide through a network that covers 64 countries and territories.

Challenge

HSBC sought a platform that would facilitate the continuous learning and development of practical cyber skills across its global cyber operations teams. with the goal of helping these teams defend the organization from the rapidly evolving cyber threat landscape, and thus reduce cyber risk.

HSBC needed a solution that would not only be highly engaging but also challenge its teams, enabling them to upskill on- demand in a consistent manner, no matter their location. The content also needed to meet the bank’s exceptionally high standards, as it protects the data of millions of customers and businesses. It had to be highly relevant to each role and cover a broad range of topics at all skill levels. New content should also be available as soon as threats emerge, so their teams’ skills are always current and keep HSBC ahead of the threat landscape.

Solution

Immersive’s services were deployed to to HSBC’s global cyber operations teams, including the UK, Poland,Germany, US, Mexico, India and Hong Kong. The cohesive platform enabled HSBC to accurately measure and evidence cyber capability while pushing continuous skills development across its teams. Each team member has relevant personal objectives built within the platform and aligned to NIST’s NICE framework to power their career development. HSBC has also mapped its teams’ practical skills to the MITRE ATT&CK framework, the standard by which enterprises visualize their surface of attack. Immersive Labs now provides HSBC with increased visibility and evidence of skills, which mean sit can rapidly assign the most appropriate members of the team to defend against attacks using specific techniques or entry methods.

‍

Benefits

Members of those global cyber operations teams can now access content derived from threat intelligence from anywhere, anytime and explore vulnerabilities as soon as they become public. This allows them to get hands-on and gain a much deeper understanding of specific vulnerabilities from both an offensive and defensive perspective. In July 2020, a critical vulnerability was discovered in F5 BIG-IP network appliances. If exploited, impacted devices had the potential for remote code execution. Within days of the exploit being disclosed, Immersive produced offensive and defensive labs to get users hands-on with the vulnerability, which the NVD gave a 10.0 critical CVSS score.