Previous
29 August 2019

Threat Intelligence platform – first year results summary

2019-08-29_16.26.02.jpg

BI.ZONE and the Association of Banks of Russia have shared the results of the first year of the cyberthreat data exchange platform in operation. The platform already caters to about 70 financial institutions. According to experts, in the course of the year, the platform helped prevent a total loss of $122 million.

This joint project between BI.ZONE and the Association of Banks of Russia, being a platform designed for the exchange of data on cyberthreats, allows users to build effective proactive security in financial organisations. The solution helps to counteract criminal attacks through collaboration between participants, rigorous testing and the provision of sourced information taking into account industry and regional specifics. Important advantage of this approach is high accessibility at low resource. This platform minimises cyberrisks without a significant rise in security costs, and the information gathered on it caters to banks of any scale.

The participants can access the latest data available: tens of thousands of indicators are automatically added and updated daily in the platform which help detect a potential threat (indicators of compromise). The sources of data are considered to be all the organisations that subscribe to the Association of Banks of Russia, as well as its technology partners, among which is FinCERT at the Bank of Russia, also, developers of cybersecurity tools, including the international antivirus giant ESET, large telecom providers, BI.ZONE Computer Emergency Response Team and many more. Within the framework of the technological partnership, BI.ZONE and the Association of Banks of Russia are granted access to the ESET Threat Intelligence telemetry service, which has more than 100 million points of collecting information about threats across the world.

"Technology is constantly evolving, and the only way to stay ahead of cybercriminals is by joining security efforts. We are glad to see greater attention being paid to cybersecurity globally. The exchange platform for financial institutions in Russia is definitely a step forward for the stronger protection of both banks and their customers, and it beefs up cybersecurity in one of the most sensitive sectors eyed by cybercriminals," says ESET Chief Research Officer Roman Kováč.

The benefits of this collaboration were first demonstrated at Global Cyber Week in Moscow via an online training Cyber Polygon, aimed at exercising international business cooperation in combating digital threats. During the event, three large-scale cyberattack scenarios were played out — massive DDoS attacks, SQL injections and phishing. In the first part of each scenario, participants were asked to defend themselves single-handedly, in the second, they connected to the data exchange platform and tackled the threats together. In the latter part, the resistance to cyberthreats proved to be more than 7 times as effective.

"Protection against cyberthreats today comes to the fore, as all financial market players understand that it is impossible to develop the technological component of their business, while ignoring security issues," said Georgy Luntovsky, president of the Association of Banks of Russia. "We are glad that many participants have realised the importance of cooperation when dealing with digital attacks. This tendency is reflected in the number of users connected to the platform and in the surge of data sources. And with this, we urge everyone to unite in the fight against cybercrime."

"The use of high technologies by banks is already a mandatory competitive advantage, and the digital banking system is very much influenced by the entire banking sphere," comments Alexander Baranov, Head of the Information Security Department of SAROVBUSINESSBANK PJSC (VTB Group), "Our bank was one of the first to connect to the platform back in 2018. The platform reveals its full potential once the relative data thereof is loaded into the automated systems of threat mitigation, anti-fraud systems or SIEM. With a single subscription we have access to information from a variety of sources, the data itself has already been filtered by the platform administrators, which minimises the number of false positives. The information about cyberthreats downloaded from the platform allows us to counter fraud more effectively and reduces the likelihood of information security incidents."