OREANDA-NEWS. ‘The regulator supports the initiative to amend the RF Civil Code in order to re-classify punishable offences and enhance punishment for cybercrime’, said Artem Sychev, deputy head of the Bank of Russia Main Office of Security and Information Protection, in the speech during the plenary session Cybersecurity in the Face of New Challenges and Threats.

According to Bank of Russia data quoted by Artem Sychev, recently the volume of unauthorised transactions across corporate accounts using remote banking services (RBS) has dropped by more than three times from 3.18 billion rubles over the three quarters in 2015 to 1.05 billion rubles over the same period this year. Similar trend has been registered for the volume of unauthorised transactions of individuals during the same periods, i.e. from 1.84 billion rubles in 2015 to 1.65 billion rubles this year.

Artem Sychev noted that this contraction in the volume of cybercrime was been largely due to the role of the Centre for Cyber-attack Monitoring and Response in the Financial Sector (FinCert), which was set up as part of the Bank of Russia last year, and also to the adoption of the antifraud system. The speaker also stressed that modern criminal practice consists not of criminal bands, but is rather represented by a full-fledged industry with a clear distribution of functions, where the authors of malware derive income by selling their software rather than by stealing money from the customers of banks. Therefore, even after the liquidation of individual criminal groups, their software remains in the hands of criminals and continues to pose threat.

Eugene Kaspersky, CEO of Kaspersky Lab, in turn classified cyber-attacks as ‘digital middle ages’. He is definite that prospective digital innovations need to take into account security issues as early as at the stage of design.

In the face of the cybercrime possessing good internal communications, financial institutions also need to unite, share information about threats and attacks. In this regard, participants in the discussion said that this process definitely calls for the participation of the regulator. This being so, financial organisations fail to consistently support their own information security, remarked Artem Sychev, because this is a separate issue which shall be resolved by joint efforts of many parties, and not by the regulator alone.

The plenary discussion was also devoted to the weaknesses of payment apps used by banks, and also to certain limitations and shortcomings of the current legislation. The Bank of Russia’s priority objectives in this sphere remain the following: development and implementation of banking standards in the sphere of information security, enhancement of criminal punishment for cybercrime, empowering banks by force of law with the function to terminate unauthorised funds transfers and to return such funds, and also to work out legislative and economic measures motivating banks to step up their own information security.