How we train banking institutions for better live attack response

17. 12. 2025

The Slovak banking sector has long been regarded as one of the most responsible in the field of cybersecurity. This is also confirmed by the National Security Authority, which in its 2024 annual report states: “This sector consistently achieves the best results in audit reports and cybersecurity assessments.”

This is not only because banks are among the most strictly audited and regulated organizations on the market, but above all because, by the very nature of their existence and business, banks inherently aim to protect sensitive data and transaction flows.

“Banks know how to lend money, but they also understand that there is always some level of risk involved. They are able to quantify that risk and then implement appropriate measures. The same applies to cybersecurity. Banks have been focusing on cybersecurity for a long time because they themselves consider it extremely important. In the past, they were among the first to move into the online space, and they are aware of the risks that come with it,” explains Ján Adamovský, Chief Security Officer at Slovenská sporiteľňa.

Blue team during training at the BinConf Range for banks and financial institutions

Regulation, combined with the need to strictly protect their business, creates natural pressure to be prepared for any incident. According to all global statistics, the financial sector is the second most attractive target for cybercriminals after healthcare. Banking and financial institutions worldwide face tens of thousands of intrusion attempts every day.

Banks face relatively fewer attacks, which is why they need to train more

Slovak banking IT specialists agree that, despite global trends, attackers have so far relatively “spared” the local banking sector. According to available data, the number of incidents reported by banks in Slovakia in 2024 decreased year-on-year by roughly one third. This fact in itself calls for even more intensive training in responding to attacks in a “live operations” environment, such as the BinConf RANGE wargame simulator by Binary Confidence. A realistic environment, scenarios, and above all attacks keep cybersecurity teams in the necessary state of readiness and enable them to respond flexibly, quickly, and in a coordinated manner in the event of a real attack.

According to Kamil Bekeč, Head of Information Security at VÚB Bank, it is an ideal environment for team coordination. “In reality, we don’t encounter such a volume of attacks, and the infrastructure we are protecting is familiar to us. In the training simulator, however, it is new and in a different state than we would like. That makes it a good challenge to coordinate and work as a team when facing multiple attacks.”

An experience you won’t repeat in a bank

The BinConf RANGE simulation exercise is built on a range of scenarios covering all types of attacks, from widely distributed mass campaigns to highly targeted operations resembling the behavior of advanced organized groups (APT).

During training, bank representatives work with full-scale technologies rather than simplified models, and must defend a simulated organization in real time against a full spectrum of modern threats. “We also conduct penetration testing, which allows us to identify potential vulnerabilities and address them. However, this exercise has a different nature. This is essentially a live attack, something you don’t easily experience. It is extremely valuable in terms of skills and experience,” says Roman Jarábek from the Central Securities Depository of the Slovak Republic.

The spectrum of attacks includes traditional ransomware, email and sensitive data leaks, exploitation of zero-day vulnerabilities, various types of network and application attacks, detection of sophisticated C2 channels, as well as spyware. During training in BinConf RANGE, attackers also target server and physical infrastructure, domain controllers, outdated software, and do not overlook insider threats. Experiencing “live attacks” during training is considered extremely important by Michal Gross, Head of IT Security at 365 Bank. “One thing is to have incidents documented procedurally, incidents that were stopped thanks to technologies and protective mechanisms. Another is when the kill chain has already been breached and we are in the ‘exfiltration’ phase. At that point, it’s work under stress, and we need to see how we are able to respond.”

“Prevention alone is not enough; the ability to detect and respond to an attack is equally important. It is impossible to prevent everything, which is why it is crucial to be prepared to react when an attack occurs. This kind of arena is an excellent opportunity for that,” adds Ján Adamovský from SLSP.

Experts from the banking sector appreciate the variability

BCrange operates as a full-scale cyber training ground, where defense training and simulated attacks take place in an environment very close to real operations. It is a space where the technologies and procedures used by professional security teams and attackers converge, from monitoring systems and analytical platforms to advanced automation tools for red teaming.

“I see BinConf RANGE as a great solution, especially because it is a platform. In the past, I experienced trainings that were put together ad hoc, tailored to a specific scenario. Here, I see a platform where you can more promptly configure what is currently needed,” says Ján Adamovský from SLSP, evaluating the wargame simulator.

Participants on the defense side practice everything from detecting early signs of an incident, through response in crisis situations, to detailed analysis of the traces left behind by attackers. Opposing them is an automated red team using MITRE Caldera to accurately simulate attacks based on real-world techniques.

Within a single infrastructure, the entire ecosystem of tools familiar to professionals comes together: Elastic Security, Wazuh, Velociraptor, and MISP for defense and analysis, opposed by attacker toolsets such as Kali Linux, Commando VM, and Caldera itself. “These technologies are used in corporate environments, whether it’s Elastic or Palo Alto, so this is truly hands-on experience. We also have the opportunity to cooperate with each other through various cases. At the same time, Binary Confidence provides specialists who can help show us how to work more effectively with these tools,” highlights Filip Frola from ČSOB Bank.

Michal Gross, Head of IT Security at 365.bank, evaluates the training with a classic saying: “The more you sweat in training, the less you bleed in battle.” According to him, the main value of the exercise lies in the fact that the security team can operate under pressure in an environment that does not mimic routine. “I come here with a certain level of knowledge and share it with others. It’s great benchmarking. I can find out whether we are doing well, lagging behind, or even performing worse.”

“Training on a platform like BinConf RANGE is the closest you can get to reality in terms of attack simulation. I definitely recommend experiencing such a platform going through real attacks in a safe environment and getting feedback on what worked and what didn’t,” concludes Ján Adamovský from SLSP.

The European Cybersecurity Competence Centre (ECCC) supports this activity under project grant agreement No. 101128075.
