The Central Bank of the Russian Federation summed up the results of the cyber exercises held in November-December 2020, designed to test the information security systems of Russian financial organizations.
The intention to launch cyber training for the Russian banking sector was announced in 2019 by the Central Bank of the Russian Federation. According to the organizer, the exercises should be held in the format of stress testing for resistance to cyber threats once every two years.
22 organizations voluntarily participated in the past cyber-trainings. According to Vyacheslav Kasimov, Director of the Information Security Department of Credit Bank of Moscow, various situations of responding to incidents were practiced and procedures for interaction with the Bank of Russia were tested.
According to Mikhail Ivanov, Director of the Information Security Department of Rosbank, "participation in cyber training is primarily an opportunity to demonstrate its reliability to the regulator".
The Bank of Russia's audits are aimed at ensuring that banks comply with the established requirements and determine whether their infrastructure is designed and implemented correctly in terms of cybersecurity.
As Vitaly Zadorozhny, head of the cybersecurity department of Alfa-Bank, explains," they check the level of cyber-hygiene in the organization, but they do not allow determining how effectively the bank will operate when attacked.”
Artem Sychev, the First Deputy Director of the Information Security Department of the Central Bank, said that cyber training makes it possible to quickly identify the risks of financial organizations.
At the same time, the Bank of Russia has recently fined 17 banks for non-compliance with the requirements of the information security system.
At the same time, the consequences for those tested with the new approach of the Central Bank are getting tougher. If a fine is issued based on the results of the checks, then the Bank of Russia may potentially worsen the risk profile of the credit institution based on the results of the cyber studies.