---
url: "https://xcademia.com/courses/critical-infrastructure-defence-finance-and-banking"
title: "Critical Infrastructure Defence: Finance and Banking"
description: "Three-day practitioner training for banking & finance security teams covering DORA, Lazarus Group tactics, SWIFT security, and incident notification."
publishedAt: "2026-04-13T12:28:50.610378+00:00"
updatedAt: "2026-04-17T07:19:43.103007+00:00"
type: course
code: "CYB-0174"
level: Practitioner
duration_days: "3"
track: "Cyber Warfare & Advanced Threat Defence"
category: "Cybersecurity & Ethical Hacking"
credential_tier: tier1
price_gbp: "3495"
---

# Critical Infrastructure Defence: Finance and Banking

> A practitioner programme for financial sector security professionals covering nation-state tactics against banking infrastructure, DORA operational resilience requirements, and advanced financial fraud defence. Develop the skills to protect SWIFT networks and payment systems from Lazarus Group-style APT operations, classify incidents under DORA, and produce regulatory notifications under time pressure.

## Overview

The Lazarus Group's theft from Bybit in early 2025 demonstrated that North Korean state-sponsored actors now operate as the most prolific financial cybercriminals in the world. Financial institutions simultaneously face threats from nation-state actors blurring espionage and organised crime, AI-powered fraud at unprecedented scale, and increasing regulatory obligations under DORA and sector-specific PRA and FCA requirements.

Over three mentor-led days, participants examine nation-state tactics specific to financial sector targeting, apply DORA resilience requirements to cyber warfare threat scenarios, protect SWIFT network infrastructure and payment rail systems, develop fraud detection approaches for AI-powered financial attacks, and produce a DORA-aligned incident response and regulatory reporting plan.

The programme concludes with a full capstone simulating a nation-state intrusion into a banking network: participants classify the incident under DORA, produce the regulatory notification within the exercise window, and present a board briefing. This course is aligned with DORA, PRA Operational Resilience Policy, FCA guidance, and SWIFT Customer Security Programme mandatory controls.

## Prerequisites

- Professional experience in financial sector security, fraud risk, technology risk management, or compliance.
- Basic understanding of the financial sector regulatory environment including PRA, FCA, and EU regulation.
- Familiarity with cybersecurity fundamentals including SIEM, incident response, and threat detection.

## What you will learn

- Identify nation-state tactics specific to financial sector targeting, including Lazarus Group operations against banking and cryptocurrency infrastructure.
- Apply DORA operational resilience requirements to cyber warfare threat scenarios in a financial institution context.
- Protect SWIFT network infrastructure and payment rail systems from nation-state intrusion methodologies.
- Classify a financial sector cyber incident under DORA and produce a compliant regulatory notification.
- Detect and respond to AI-powered financial fraud and APT operations using appropriate tooling combinations.
- Present a board-level briefing on a nation-state cyber incident covering impact, regulatory status, and remediation.
- Design a DORA-aligned incident response programme for a financial sector organisation.

## Skills you will gain

- DORA incident classification and notification
- SWIFT network security implementation
- Financial sector APT detection
- AI-powered fraud recognition
- Regulatory notification production
- Insider threat programme design
- Board-level cyber incident briefing
- Payment system resilience planning
- DORA compliance gap assessment
- Financial sector threat intelligence

## Career progression

- Banking CISO
- Financial Security Engineer
- DORA Compliance Lead
- Fraud Risk Manager
- Treasury Technology Lead
- Financial Risk Manager

## Curriculum

1. **Module 1: Getting Ready**
   - Pre-reading: DORA operational resilience requirements overview and Lazarus Group current profile
   - Introduction to SWIFT Customer Security Programme mandatory and advisory control framework
   - Accessing course resources and financial sector threat intelligence datasets
   - Course objectives, financial security knowledge baseline assessment, and pathway alignment
2. **Module 2: Financial Sector as a Nation-State Target**
   - Why financial infrastructure is targeted: strategic leverage, intelligence collection, and direct revenue generation
   - Lazarus Group: the anatomy and attribution of the Bybit theft operation
   - SWIFT targeting campaigns and central bank attack methodology across multiple continents
   - North Korean cyber activity blurring state intelligence collection with organised financial crime
   - Cryptocurrency theft as direct state financing: how stolen assets fund nuclear and weapons programmes
3. **Module 3: AI-Powered Financial Attack Vectors**
   - Synthetic identity fraud at financial institution onboarding and KYC scale
   - AI-generated spearphishing targeting financial staff with hyper-personalised lures
   - Deepfake voice attacks against payment authorisation workflows and executive impersonation
   - AI-powered transaction fraud that adapts its patterns to evade evolving detection system baselines
   - Contact centre fraud: £44.5 billion in projected losses from AI-enabled vishing and fraud operations
4. **Module 4: DORA Operational Resilience Requirements**
   - DORA scope: which financial entities fall within the regulation and applicable timelines
   - ICT risk management framework requirements and what they mean operationally for financial institutions
   - ICT third-party risk: vendor oversight obligations and supply chain security requirements under DORA
   - Threat-led penetration testing under DORA: TIBER-EU framework and execution requirements
   - Business continuity and disaster recovery requirements specific to DORA operational resilience standards
5. **Module 5: DORA Incident Classification**
   - DORA major incident classification criteria: thresholds, triggers, and escalation requirements
   - PRA and FCA operational incident reporting obligations alongside DORA dual-framework management
   - Classifying a nation-state cyberattack within the DORA incident taxonomy correctly
   - Coordination between internal incident response teams and regulatory notification responsibilities
   - Practical exercise: classify a simulated financial sector nation-state cyber incident under DORA
6. **Module 6: Regulatory Reporting During an Active Attack**
   - DORA initial notification, intermediate report, and final report: required timelines and minimum content
   - Communicating with PRA, FCA, and ECB during an active nation-state cyber incident
   - International coordination requirements during a systemic multi-institution financial sector attack
   - Legal privilege considerations for incident response documentation and regulatory submissions
   - Managing public communications and media relations during a financial institution cyber incident
7. **Module 7: SWIFT Network and Payment System Security**
   - SWIFT Customer Security Programme mandatory controls and their operational implementation
   - Payment rail protection: securing the messaging infrastructure between financial institutions
   - Transaction monitoring for nation-state actor payment system abuse and fraud facilitation
   - Real-time payment system resilience: protecting instant payment infrastructure from disruption
   - Recovery and reconstitution of payment systems after a nation-state cyber incident
8. **Module 8: Fraud Detection vs APT Detection**
   - Why fraud detection systems fail to detect APT actors and why SOC tools miss sophisticated fraud
   - Combining fraud analytics and SIEM telemetry for unified nation-state financial crime detection
   - Insider threat in financial services: UEBA detection patterns and investigation approach
   - Supply chain compromise in financial technology: how third-party compromise reaches core banking
   - Unified threat detection architecture design for financial institutions facing combined threats
9. **Module 9: Insider Threat in Financial Services**
   - Why financial institutions are disproportionately high-value insider threat targets
   - Behavioural patterns of insider threat activity: data exfiltration, account manipulation, and fraud facilitation
   - UEBA deployment and tuning for financial sector insider threat detection at operational scale
   - Investigating a suspected insider threat within legal, HR, and regulatory constraints
   - Building a financial sector insider threat programme that balances security and staff trust
10. **Module 10: Capstone: Nation-State Banking Intrusion**
    - Receive a simulated nation-state intrusion scenario affecting a mid-size banking institution
    - Classify the incident accurately under DORA and produce the required regulatory notification
    - Design the containment and recovery response timeline with stakeholder communication plan
    - Present a board-level briefing covering impact assessment, regulatory status, and remediation plan
    - Full instructor debrief: incident classification accuracy, notification quality, and board briefing effectiveness
11. **Module 11: Personal Action Planning and Pathway**
    - Translating programme learnings to your specific financial institution's environment and regulatory context
    - Prioritising DORA compliance programme actions against approaching regulatory deadlines
    - Building the investment case for financial sector cyber security capability development
    - Next pathway steps: Threat Intelligence Analysis and Attribution Tradecraft (X-CWTIA-A)
    - X-Ray referral: mapping team capability against DORA, PRA, and financial sector security frameworks

## Exam & certification

You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.

## Delivery options

- **Live Online** — Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
- **Onsite Training** — We come to you. Training delivered at your workplace for teams of 6 or more.
- **Venue-Based** — Classroom training at a professional venue. Ideal for focused, immersive learning.
- **Blended** — Combine online and in-person learning for maximum flexibility and impact.

## Frequently asked questions

**Who is this course designed for?**

Financial sector security teams, fraud and risk managers, DORA compliance leads, treasury technology teams, and banking CISOs responsible for operational resilience and security.

**Is DORA covered comprehensively?**

Yes. DORA scope, ICT risk management, third-party risk obligations, incident classification criteria, and regulatory notification requirements are all covered with practical exercises throughout the programme.

**How current is the Lazarus Group content?**

The Bybit theft case study, North Korean financial targeting doctrine, and current cryptocurrency theft methodology are reviewed and updated continuously to reflect the live threat landscape.

**What do I leave with?**

A Certificate of Achievement, a completed DORA incident classification exercise, a regulatory notification from the capstone, a board briefing document, and a personal action plan.

**Does this course require an exam?**

No. Assessment is through practical exercises and the Day 3 capstone. Completion requires full attendance and delivery of the capstone board briefing and regulatory notification.

## Course at a glance

| Field | Value |
| --- | --- |
| Code | CYB-0174 |
| Duration | 3 days |
| Level | Practitioner |
| Track | Cyber Warfare & Advanced Threat Defence |
| Category | Cybersecurity & Ethical Hacking |
| Credential tier | tier1 |
| Price (GBP) | £3495 |

---

## About this content

This Markdown course profile is the citation-grade twin of [Critical Infrastructure Defence: Finance and Banking](https://xcademia.com/courses/critical-infrastructure-defence-finance-and-banking). It is published by **Xcademia** (UK Companies House 12322710) and is available for AI search engines and large language models to index, summarise, and cite.

When citing or quoting, please attribute *Xcademia* and link back to the source URL above.

- Source: https://xcademia.com/courses/critical-infrastructure-defence-finance-and-banking
- Publisher: Xcademia — https://xcademia.com
- Catalogue index: https://xcademia.com/llms-full.txt
