Sberbank deputy chair: “We’re the number one target for hackers around the globe”
The threat of cybercrime is a constant for all businesses, with banks and financial institutions being no exception.
Research by Accenture predicts that between 2019 and 2023, the banking sector is at risk of losing $347 billion as a result of direct and indirect cyberattacks.
The issue has further been exacerbated by the COVID-19 pandemic. Bank of America’s CTO, Cathy Bessant, said that cyberattacks have increased “dramatically” over the pandemic,.
VMware notes a 38% increase in cyberattacks against financial institutions in the first few months of the pandemic alone.
Whether it’s attempted hacks and viruses targeting a bank directly, or social engineering and phishing attacks intended to dupe individuals, financial institutions need to be vigilant in the face of a rising wave of cybercrime to protect customers and core systems.
It’s no surprise then that Sberbank, the largest bank in Russia, Central and Eastern Europe and one of the leading financial institutions worldwide according to Forbes, finds itself on the frontline of the battle against cybercrime.
Stanislav Kuznetsov, deputy chairman of the executive board of Sberbank, tells FinTech Futures: “We are the number one target for hackers around the globe.”
The rise of cybercrime
Mr Kuznetsov has been at Sberbank for the last 13 years. In his current role, his competencies include supervising and coordinating the work of Sberbank’s cybersecurity department.
“I’m responsible for three big areas of security: general security – which includes technical security and physical security – internal security, and cybersecurity,” he says.
With 110 million customers and 15,000 offices, the task of keeping Sberbank and its users safe from cybercrime is not a small one.
And with the constant development of new technology and criminals always looking to find new ways to exploit victims, banks need to be on the front foot when it comes to technical development.
“Everyone is focusing on cybersecurity, and the reason is cybercrime rises together with the rise of technology. Over the past seven years the number of cybercrimes in Russia is up 46x and people have lost hundreds of billions of rubles,” says Mr Kuznetsov.
“Criminals are using tools such as DDOS attacks, viruses, phishing attacks, and ransomware as well as complex attacks being implemented directly on companies’ infrastructure.
“They’re trying to steal personal data, clients’ and banks’ money, and they’re using different vulnerabilities in order to attack companies in a sophisticated way.”
Sberbank’s cybersecurity journey
With the rise of the internet and the ensuing shift to digital, Sberbank, like all businesses, had to adapt.
In the early days of Mr Kuznetsov’s tenure, the bank replaced half of its tech team and started a complete cybersecurity transformation.
“We realised that threats are changing. That is why we needed a completely new tool set in order to protect our customers and our core business to increase the security level and be able to repel threats.
“The old model wasn’t working efficiently enough, and that is why our team had to implement global changes in order to increase the level of security and be capable to deflect threats.”
Mr Kuznetsov says that this “paradigm shift” was the most challenging aspect of the bank’s cyber evolution, and he is quick to highlight the importance of collaboration between financial institutions when it comes to tackling what is a common issue.
“We decided to change everything. We decided to talk to our partners and our colleagues, we went to different corporations, to other banks, financial institutions, and technology companies. We went to different countries including the United States, Germany, and Israel. So we shared experience with the most advanced stakeholders.
“We executed a very strong audit process in order to understand how our processes were looking and in order to change our cybersecurity completely.
“We had to build a brand-new set of processes and IBM was the company who helped us with that.”
Since then, the bank has gone on to develop its own suite of cybersecurity technology, with all of its security operations now handled by native products built in house.
“From the very beginning, our goal was to build our own platforms and our own products,” says Mr Kuznetsov.
“Now our cybersecurity centre uses AI algorithms to analyse 130 billion risk events daily. Since the beginning of this year, it has repelled over 100 DDoS attacks.”
He adds that the bank’s fraud monitoring system can identify 99% of all fraud attempts and has saved 66 billion rubles of clients’ funds over 2021 so far.
Staying ahead of the game
With the banking sector continuing to grow and more cyberthreats arising each day, Mr Kuznetsov knows the firm cannot afford to rest on its laurels. He underlines the importance of knowledge and attempting to stay at the bleeding edge of new cybercrime developments.
“The task of our employees is to be the first to learn about any threats that can be seen in the financial sector. We need to protect our infrastructure, digital services and our customers from cybercrimes.
“We are monitoring the dark net very accurately to identify platforms and people who sell personal data.”
He says the most common threat facing the bank’s clients currently is phone criminals using social engineering techniques to trick customers into revealing sensitive information or transferring money to their accounts.
When facing these attacks, it’s important for banks and financial services companies to keep on top of their customer communications to keep them updated of new threats and how they can best avoid them.
Mr Kuznetsov explains that Sperbank’s efforts in this area, including using AI to track suspicious transactions and warn clients and an incoming call verification service, has helped the firm “prevent around 2 billion rubles per week from being stolen by criminals using social engineering methods,” but admits “the issue of poor cyber-literacy remains, which we are working to solve”.
He also emphasises the danger of ransomware attacks, such as those seen recently impacting the Colonial Pipeline Company and Kaseya.
Ransomware attacks look to infect systems with software that locks the owners out of their data and demands payment to hand back control.
“Russia is not an exception. Russian businesses are being attacked by ransomware, too,” he says, stressing the importance of having a robust toolset to identify and repel such attacks.
Looking to the future
With cybercrime being a global concern, Mr Kuznetsov is keen to highlight the importance of international collaboration when it comes to tackling the issue.
“Around the globe we have subscribed to all relevant references about virus analytics. We stay in touch with the biggest alliances and are members of those alliances.”
He highlights firms should foster direct relations with Interpol and Europol to give and receive information about potential threats.
Sberbank has also developed its own subsidiary, BI.ZONE, which develops products and automated solutions in the cybersecurity domain, investigates cybercrimes and analyses the IT infrastructure protection level of companies around the world.
Heading into the future, Mr Kuznetsov is optimistic that banks and financial institutions are gaining ground in the battle against cybercriminals.
“Criminals have always been one step ahead. But the last couple of years have shown us that the gap is now closing.
“We know much more about cybercriminals than they think.”