Russia strengthens banking system security standards

New standards and regulations to improve Russian bank responses to cyber-attacks - and help prevent insiders taking advantage of cyber-attacks to cover criminality.

Russian Bank
Russian Bank

Amid the ever growing number of cyber-attacks on the Russian banking system, the country's Central Bank has announced its plans to design new requirements and standards, which should strengthen the level of its cyber-security.

These plans have already been confirmed by Artem Sychev, deputy head of the department of Security and Information Protection of the Central Bank.

As Sychev told SCMagazineUK.com, attacks on Russian banks have become increasingly sophisticated, and hackers have started to focus on destroying the entire infrastructure of the bank, which helps them to more efficiently cover their tracks when illegally withdrawing funds from the accounts of these banks.

Plans for new standards have already begun being drawn up by experts at the Russian Central Bank, which plans to complete its work over the next few months.

It is planned that the new standards will oblige Russian banks to provide the Central Bank, and in particular its recently established Centre for the fight against cyber-threats (FinCERT), with information about cyber-attacks on their accounts on a regular basis.  Simultaneously the position of cyber-security officer is being established at each Russian bank to deal with the issues of cyber-security.

Other details are currently not disclosed.

It is also reported that the new standards should help the Central Bank to tighten controls on the activities of Russian banks, following recent suspicions that cyber-attacks were being used by some banks as a tool to cover the illegal withdrawal of funds from their accounts.

Georgy Luntovsky, the first deputy chairman of the Central Bank of Russia told SC in February that the Central Bank has serious concerns that such mechanisms could be used by certain Russian banks to cover their previous crimes, as well as illegally withdraw money from their accounts.

According to official statistics from the Russian Central Bank, last year the number of cyber-attacks in the Russian banking sphere increased by 30 percent, compared to 2014, with up to 64,000 cases reported, however, according to the Russian Ministry of Internal Affairs, the real figure is about ten times higher than the figures provided by the Central Bank.

To date, banks have been very reluctant to transfer data to FinCERT, as no one wanted to publicise their concerns to their competitors and the Central Bank.

The new standards should also strengthen the level of cyber-security of the Russian Central Bank which is being improved following a recent cyber-attack on the Central Bank of Bangladesh, which resulted in the illegal withdrawal of more than US$ 80 million from accounts at the bank.