How protected are banks and exchanges from cyber attacks: Statistics and expert opinions



    Security in the financial sector has been discussed many times from different angles. Payment and banking systems are vulnerable. While financial institutions build security systems using increasingly sophisticated technologies, fraudsters learn to circumvent them. But what is the real situation? Who currently has the upper hand in the confrontation between security experts at financial companies and hackers? Statistics, supported by expert opinions, will answer this question.

    Competition without a winner


    Financial fraud is the flip side of technology development. It is impossible to completely eliminate the vulnerabilities of payment and banking systems. Therefore, the main efforts of regulators, financial companies and security experts are spent on minimizing risks. At the same time, cybercriminals try to find a way around new methods of defense. The result is a vicious circle of constant confrontation between attackers and defenders.

    As soon as the first electronic payment services and remote banking systems appeared, so did people ready to take advantage of their shortcomings for personal gain. In this regard, the history of PayPal is noteworthy. Once transaction volume reaches hundreds of transfers per minute, tracking them manually becomes unrealistic. Due to hacker attacks, the company initially lost $10 million per month, says Peter Thiel, one of the founders of PayPal.

    The scammers quickly adapted to the automated protection system and found workarounds. I had to create a hybrid of man and program - the Igor system, named after the most active cracker from Russia.

    Today PayPal provides security guarantees for both the buyer and the seller. This does not mean that fraud in the payment service has been eliminated. The company is simply in the black and can afford to pay for the risks.

    In a sense, security is based on a belief in the security of a system. Recently, we wrote about the introduction of a new tokenization technology in Russia, which the Visa and MasterCard payment systems have been actively promoting around the world since 2014. Many are sure that today it is an ideal protection against scammers. And it will be considered such until statistics appear that prove the opposite.

    Vulnerabilities in banking services


    So, the statistics. The easiest way to evaluate the level of security of the financial sector associated with electronic payments and transfers is by numbers. At first glance, this may seem surprising (especially against the background of regular news about thefts from bank cards), but there is reason for optimism for Russian users of such systems. As Yekaterina Petelina, Visa CEO in Russia, told Vedomosti, the level of bank card security in our country remains one of the highest in the world. The number of fraudulent transactions continues to decline every year.

    In 2015, the level of fraud amounted to 3 kopecks per 1,000 rubles, down from 4 kopecks. Statistics can differ, though. For example, the Central Bank believes that the number of cases of bank cards being compromised over the network has increased. Although the total number of fraudulent transactions with cards (primarily through ATMs) in 2015 decreased by 27%, criminals began to use banks' remote client services more actively.

    A recent study by Russian information security experts says that the experts found vulnerabilities in every remote banking service (RBS) system taken for verification. Most (39%) of these are identified as low-risk deficiencies. Compared with the 2013-2014 data, the total share of critically dangerous vulnerabilities significantly decreased (by 14%). Despite this, the overall level of security of online banks remains rather low (90% of banking accounts have critical vulnerabilities).

    Reverse protection


    With banking and payment systems, everything is more or less clear. Security here is a matter of faith and the manipulation of different versions of statistics. What is happening in the stock trading sector?

    We have already compared the security level of banks and exchanges in terms of the quantity and quality of hacker attacks and concluded that attacks on exchange sites and brokerage companies are relatively rare. While hacks and hacking attempts are considered quite commonplace in the banking sector, every attack on an exchange causes a serious public outcry (provided that the incident data is leaked to the press).

    There are no statistics on hacks of brokerage systems in the public domain. But it is worth understanding that when attacking exchanges or brokerage companies, hackers can hardly count on immediate earnings. They can use the stolen information for dishonest trading, but this is already a rather complicated scheme, which not every attacker can carry out. Most cyber fraudsters prefer to follow the path of least resistance.

    Moreover, thanks to the work of the Central Bank of the Russian Federation, the security system on Russian exchanges is built quite well. In 2015, it created its own information security center, which actively exchanges information with banks and exchanges. In 2016, the Moscow Exchange was forced to completely switch to a new information architecture and upgrade equipment to minimize losses from technical failures.

    All this is about the security of the system as a whole. Hacking an individual brokerage account is theoretically no more difficult than hacking a bank account. For this, an attacker needs encryption keys and a password. These can be obtained simply by getting a trojan onto the system. But withdrawing and cashing out funds is much more difficult.

    A fraudster will have to start manipulating securities, which requires completely different skills. But exchanges today limit the maximum allowable range of price fluctuations during one trading session. Therefore, in any case, losses are reduced to a small percentage of the total amount.

    In addition, to minimize potential damage, brokerage companies are developing various customer protection systems. We will talk about how such protection is implemented in the ITinvest MatriX trading system in one of the following posts (you can read more about this at the link).

    Ultimately, the complexity of hacking brokerage systems and withdrawing funds makes such cyber attacks not very profitable for cybercriminals.
