
The issue of security in the financial sector has been discussed many times from various angles. Payment and banking systems are vulnerable. While financial institutions build protection systems using increasingly sophisticated technologies, scammers learn to bypass them. But what is the situation really like? Who has the lead today in the confrontation between financial companies' security experts and hackers? Statistics, backed by expert opinions, will help us answer this question.
Competition without a winner
Financial fraud is the other side of technology development. It is impossible to completely eliminate the vulnerabilities of payment and banking systems. Therefore, the main efforts of regulators, financial companies and security experts are spent on minimizing risks. At the same time, cybercriminals are trying to find a way to circumvent new methods of protection - as a result, a vicious circle of constant confrontation between attackers and defenders is created.
As soon as the first electronic payment services and remote banking services emerged, people appeared who were ready to exploit their shortcomings for personal gain. The story of PayPal is notable in this regard. Once the volume of operations reaches hundreds of transfers per minute, it becomes physically impossible to track them. Because of hacker attacks, the company initially lost $10 million monthly, said one of the founders of PayPal, Peter Thiel.
The fraudsters quickly adapted to the automated protection system and found workarounds. It was necessary to create a hybrid of a person and a program: the “Igor” system, named after the most active hacker from Russia.
Today, PayPal provides security guarantees to both the buyer and the seller. This does not mean that payment service fraud is excluded. It's just that the company is in the black and can afford to pay for the risks.
In a sense, security is based on the belief in the security of a system. Recently, we wrote about the introduction in Russia of a new tokenization technology, which the Visa and MasterCard payment systems have been actively promoting around the world since 2014. Many believe that today it is the perfect protection against fraudsters. It will be considered as such until statistics appear proving the opposite.
Vulnerabilities of banking services
So, statistics. The easiest way to assess the level of security of the financial sector related to electronic payments and transfers is in figures. At first glance, this may seem surprising (especially against the background of regular news about thefts from bank cards), but for Russian users of such systems there is reason for optimism. As the general director of Visa in Russia, Ekaterina Petelina, told Vedomosti, the level of security for bank cards in our country remains one of the highest in the world. The number of fraudulent transactions continues to decline every year.
In 2015, the level of fraud was 3 kopecks per 1,000 rubles, a decrease from 4 kopecks. Other statistics differ. For example, the Central Bank believes that the number of cases of bank cards being hacked over the network has increased. Although the total number of fraudulent card transactions (first of all, through ATMs) decreased by 27% in 2015, criminals began to use banks' remote client services more actively.
A recent study by Russian information security experts says that the experts found vulnerabilities in all remote banking service (RBS) systems taken for testing. The majority (39%) of them are classified as flaws with a low degree of risk. Compared to 2013–2014 data, the overall share of critical vulnerabilities has decreased markedly (by 14%). Despite this, the overall level of security of online banks remains rather low (90% of RBS have critical vulnerabilities).
Reverse Protection
With banking and payment systems, everything is more or less clear. Security here is a matter of faith and manipulation of different versions of statistical data. What happens in the stock trading sector?
We have already compared the security level of banks and stock exchanges in terms of the quantity and quality of hacker attacks and concluded that attacks on stock exchanges and brokerage companies are relatively rare. While break-ins and attempted break-ins are considered quite commonplace in the banking sector, each attack on a stock exchange causes a serious public outcry (provided that information about the incident leaks to the press).
Brokerage hacking statistics are not publicly available. But it should be understood that in the case of attacks on stock exchanges or brokerage companies, it is extremely difficult for hackers to count on immediate earnings. Attackers can use the stolen information for dishonest trading, but this is already a rather complicated scheme, which not every attacker can carry out. Most cybercriminals prefer to follow the path of least resistance.
Moreover, thanks to the work of the Central Bank of the Russian Federation, the security system on the Russian stock exchanges is built quite well. In 2015, its own information security center was established, which actively exchanges information with banks and stock exchanges. In 2016, the Moscow Exchange was forced to completely switch to a new information architecture and upgrade equipment to minimize losses from technical failures.
All this is about the security of the system as a whole. Hacking an individual brokerage account is theoretically no more difficult than hacking a bank account. To do this, the attacker needs encryption keys and a password. These can be obtained by simply getting a Trojan onto the system. But withdrawing the funds is much more difficult.
The fraudster will have to begin to manipulate securities, which requires completely different skills. But exchanges today limit the maximum range of price fluctuations during a single trading session. Therefore, in any case, losses are limited to a small percentage of the total amount.
In addition, to minimize potential damage, brokerage companies are developing various customer protection systems. We will talk about how such protection is implemented in the ITinvest MatriX trading system in one of the following posts (you can briefly read about it here).
Ultimately, the complexity of hacking brokerage systems and withdrawing funds from them makes such cyberattacks not very profitable for cybercriminals.