Information security in banks
Main article: Information security in banks
Chronicle
2025: The number of financial organizations participating in cyber exercises in Russia increased by 10% over the year and reached 320
In 2025, 320 financial organizations took part in cyber exercises on the territory of the Russian Federation. The indicator increased by 10% compared to 2024. These data were presented in the Bank of Russia review in February 2026.
During the exercises, simulated compromise of employees was recorded in 6.5% of cases. The Central Bank explained that this figure points to a fairly high level of preparedness among organizations to repel such attacks.
The regulator's review identifies key threats for 2026. Attacks using artificial intelligence are named among the main ones. According to the Bank of Russia, such attacks are distinguished by a high degree of automation. The low entry threshold in terms of technical training makes them accessible to a wide range of attackers, which will predictably lead to an increase in the number of such incidents.
Attacks using ransomware remain another serious challenge. Their number is expected to continue to increase. At the same time, as the Central Bank noted, the attackers' tactics have changed: whereas earlier the main goal was a ransom payment, now the priority is to inflict maximum damage on the company's operations. This is achieved by halting business processes and then publicizing the incident in the media.
In parallel, a shift in attackers' focus from direct extortion and reputational damage towards data theft is being observed. Stolen corporate information can later be used to organize more complex and large-scale attacks on the organization.
Analysts of the Central Bank also predict the continuation of the trend towards attacks on small and medium-sized enterprises. Attackers use them as a "gateway" to gain access to the infrastructure of large partner companies.[1]
2022
Central Bank will check the security of Russian software in banks
At the end of July 2022, it became known that the Central Bank of the Russian Federation had decided to check the resilience of Russian banks' IT systems to cyber attacks. In particular, it plans to check the security of domestic solutions, which began to be introduced after the suppliers of their foreign analogues left the market, a representative of the regulator told Vedomosti.
According to him, the Central Bank has been conducting cyber exercises with credit institutions since 2020, and in 2022 they will be held as planned.
"In the second half of 2022, it is planned to conduct cyber exercises taking into account current scenarios of computer attacks, which include the topic of import substitution of software of credit institutions," the regulator said.
At the same time, the Central Bank of the Russian Federation did not specify what exactly will be checked during the exercises or which attack principles will be simulated.
Previous exercises were conducted with the participation of 70 Russian banks. According to the source of the publication, the scheme looks like this:
- The Central Bank announces an adverse scenario.
- Banks activate their security systems.
- The Central Bank monitors their work and effectiveness.
- This is followed by a debriefing.
The scenarios may include the disabling of certain software or equipment, for example, SAP, Oracle, etc. For example, the Oracle database management system (DBMS) was used by all domestic banks in 2021, according to the developers of the domestic DBMS Postgres Professional. Moreover, the system was used in the "most loaded and critical" places.
1C solutions, banks' in-house products and so on are offered as replacements. However, there is simply no full-fledged replacement for SAP and Oracle solutions yet, and the analogues created so far "are largely inferior in their technical characteristics and functionality."[2]
Banks in Russia began to conduct cyber training more often
Banks in Russia in 2022 began to conduct cyber training more often. Moreover, training has spread to employees of all levels - from call center employees to top managers. This became known on February 16, 2023.
On that day, Vedomosti published an article citing the heads of information security units of large credit institutions. As Sberbank explained, the exercises are aimed not only at training employees to act correctly in the event of threats, but also at practicing interaction between departments. One of the scenarios practiced is a massive virus infection (the bank has a ransomware virus simulator that infects the workstations of real employees). After that, the bank begins the necessary procedures without interrupting customer service.
The second scenario is an exercise with a team of attackers. As a rule, these are hackers who are either part of the bank's team or hired specifically for such exercises. The task of the attackers is to obtain information in various illegal ways. Only the management of Sberbank knows their action plan. A scenario is also practiced in which the company is attacked not only from outside but also by one of its own employees.
PSB also has its own team of attackers, and the bank trains not only to detect and repel targeted attacks on infrastructure, but also to identify cases of social engineering, said Dmitry Miklukho, director of the bank's information security department. In addition, all bank employees are trained by being sent phishing emails and invitations to illegal sites.
Gazprombank concentrated more on high-quality post-attack investigations. Employees were taught to collect all digital artifacts and build an evidence base. This is necessary not only to identify where the attack was carried out and which files and systems were damaged, but also to provide the necessary data to law enforcement agencies and regulators.[3]

