moscow skyline

Cyber attacks on financial institutions are becoming increasingly frequent, so organisations must invest in continuous development of protection against threats, including shared knowledge, experts warn.

The danger is that current developments in security may create an overly-optimistic view in the financial sector, which could lead to a spike in data breaches in future, warns Vyacheslav Kasimov, director for information security at Credit Bank of Moscow.

He said: “The threat is real both in Russia and in the world in general. This is confirmed by what we see in the news as well as by our own statistics. Attacks on banks have not become less frequent. The upward trend in the number of attacks remains in place”.

According to the World Economic Forum’s Global Risks Report 2018, cyber-attacks and data theft rank just behind natural disasters and extreme weather events as the most likely to occur, with a global impact greater than involuntary migration, food crises and the spread of infectious diseases.

The potential for immense damage and disruption from cyber attacks on the financial sector is clear, meaning that IT-security plays a critical role in business stability.

However, the International Monetary Fund warns that the industry is particularly vulnerable to attack.

In its working paper Cyber Risk for the Financial Sector: A Framework for Quantitative Assessment, it highlights as a key area of weakness the very high levels of interconnection of networks that provide the basis for the banking system functioning, along with the prevalence of so-called legacy systems in many institutions.

Kasimov argues that alongside with direct investment, international cooperation and information exchange is an essential defence in the ongoing cyber wars.

Credit Bank of Moscow, the seventh largest bank in Russia, with assets of more than RUB2,000 billion (USD$30 billion), has developed software for monitoring and fraud detection, but Kazimov added: “An opinion that basic rules worked out on the basis of international companies’ experience can find no application in Russia is erroneous.”

Key technologies include next-generation firewalls that provide integrated network security platforms that include alternative security solutions for traffic filtering, such as Deep Packet Inspection (DPI) and Intrusion Prevention Systems (IPS).

In several banks in Russia, tests are being carried out on Endpoint Detection and Response (EDR) technologies that adapt and learn as cyber-attacks occur.

With the Cost of Cyber Crime study undertaken jointly by the Ponemon Institute and Accenture revealing it is financial services where the cost of cyber crime is the highest, the importance of sharing knowledge, developing new deterrents and implementing them as widely as possible will continue to be a priority to combat the global nature of the threat.