The Bank of Russia will check cyber security in a new way


This year, the Bank of Russia “is going to check the activity of banks’ information security systems according to a new scenario. In previous years, the regulator warned in advance about training. This time, it is going to conduct a surprise check by sending letters with malicious software to bank employees. Information security experts talk about the risk that, as a result, real criminals will join the exercises.”

To implement these amazing measures, the Bank of Russia asks to be sent “at least 30 e-mail addresses of employees, giving priority to those who work in the information security service.”

“In order to create conditions close to reality, the participants will not be notified of the exact date of the cyber exercises,” the Bank of Russia writes.

Maybe I’m wrong, and maybe it should be, but in this regard Article 273 of the Criminal Code of the Russian Federation “Creation, use and distribution of malicious computer programs” is mentioned:

  1. Creation, distribution or use of computer programs or other computer information intended for unauthorized destruction, blocking, modification, copying of computer information or neutralization of computer information protection means, –

shall be punished by restriction of freedom for a term of up to four years, or forced labor for a term of up to four years, or deprivation of liberty for the same term with a fine in the amount of up to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to eighteen months.

  2. The actions provided for in the first part of this article, committed by a group of persons based on a prior conspiracy or by an organized group or a person using their official position, and also caused great damage or were committed out of selfish interest, –

shall be punished by restriction of liberty for a term of up to four years, or by forced labor for a term of up to five years with deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years or without such, or by deprivation of liberty for a term of up to five years with a fine in the amount of one hundred thousand to two hundred thousand rubles or in the amount of the salary or other income of the convicted person for a period of two to three years or without such and with deprivation of the right to hold certain positions or engage in certain activities for a period of up to three years or without such.

  3. Actions provided for by parts one or two of this article, if they caused serious consequences or created a threat of their occurrence, –

shall be punished by imprisonment for a term of up to seven years.

Of course, the same applies to IS auditors and other pentesters, and therefore it is interesting to think about how the Bank of Russia will get out of a rather delicate situation (and also, maybe, to hear real-life stories of how IS auditors get out of it).
