International Cybersecurity Congress 2018: in the spirit of collaboration
From 5-6 July 2018, Moscow welcomed cybersecurity professional from all over the world in the first International Cybersecurity Congress (ICC), Sberbank’s conference with aims to become a global reference in the area.
Cybersecurity is a pressing matter, and most financial institutions cannot understate how much of a priority it has become in their agenda. This is mostly due to how easy it has become to access software that can compromise the bank’s systems.
And as such a global threat is upon us, we have Sberbank’s cybersecurity congress, with one aim and one aim only: promote conversations and foster collaborations that can help all the good guys raise the defence walls taller than ever thought possible.
Stanislav Kuznetsov, deputy chairman of the executive board of Sberbank, kickstarted these two days of conversations asking the opening panellists about the priorities and best practices in the industry. If a bank runs based on the trust of its customers, then vulnerabilities like the ones discussed in the congress are nothing but detrimental.
Test the dangers of tomorrow
Olga Dergunova, deputy president and chairman of VTB Bank management board, said that the risk of being breached came as a result of doing your usual banking business, and that as you exercised your role as a bank better for your customer, more eyes turn towards you. The only thing one can do, as far as resources go, is defend their own domain, and collaborate with other entities to prevent it not for yourself, but for the industry as a whole.
However, she said one of the running topics was the question of making complex security systems more convenient, and that means setting standards for security frameworks that can allow systems to act quickly and efficiently, including for DLT.
But the requirement to make this happen is collaboration. For starters, Dergunova said we need a cross-bank sandbox to “test the tech and dangers of tomorrow”.
It’s not about tech implementation, as more and more tech just increases the complexity and those vulnerabilities. In fact, much of our tech can hold the fort. It’s all about making current and new tech more secure, efficient, and reliable.
Ahead of the curve
That is not to say that there is not potential in the new technology, but at the moment, new tech is ahead of the legislative curve, said Anatoly Kozlachkov, VP, Association of Banks of Russia.
The rest of the panellists seem to agree, as Dergunova remarks on the fact that testing mechanisms haven’t been properly developed. This makes regulation trail, as whatever new systems we develop will not be fool-proof from the start.
Dergunova and Kozlachkov believe that information platforms are the way to go. This idea would help companies develop new tech is that it’s not vulnerable from the get go, and without some basic rules to standardise and maintain this tech up to data and efficient, we’re just creating holes. This links back to the idea of setting up testing ecosystems to try and push tech to the edge.
This becomes particularly relevant when you consider SMEs, which are more vulnerable as they don’t have the capital to invest in highly sophisticated defence methods.
Dmitry Samartsev, CEO of BI.ZONE, said at the panel that they want to promote the idea of addressing these challenges together, particularly for law enforcement agencies and regulators, who could help in the preservation of each other and the institutions they oversee.
This leaves great room for the development of an international ecosystem, but things aren’t as simple as they sound. In practice, geopolitical tensions make information sharing beyond the borders of the EU as Anton Shingarev, VP at Karspersky Labs, explained.
Overall, it is clear that there needs to be rules that foster collaboration and that create a safer banking ecosystem. Kuznetsov dreams of making Russia the leading force in cyber legislation, particularly given the activity on both sides of the fence in the country, although he acknowledges that this might take decades.
To wrap this up, Durganova’s words perfectly summarise the spirit of the congress: “Everyone discusses about how slick and intuitive the mobile app may look like, but nobody will remember that if your systems collapse due to a breach.”
The first report from the event looked at how DDoS is the business of petty criminals.
Want to know more about Sberbank and its tech? Read our in-depth case study here.