In 2019 more than 80% of attacks on bank customers are carried out using social engineering methods. Previously, the attackers used for psychological pressure pensioners but this year in Russia there was a new trend – the target audience for hackers was the population aged 25-30 years. This and other discoveries in the field of information security noted at a press conference Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank.
At the press conference, Stanislav Kuznetsov presented a study of BI.ZONE, a subsidiary company of Sberbank - Threat Zone’19. Illusion of security. In the study, experts from BI.ZONE analyzed the most significant and potentially dangerous cyber security threats in the future.
Stanislav Kuznetsov said that in 79% of cases of attacks by the method of social engineering victims themselves transfer money to the attackers. "This is a feature of our country. The attacks today are focused on a young audience. Fraud using social engineering didn’t exist four years ago," he added and noted that nowadays fraud by this method is growing up to 6% per year.
The next trend of this year has become a shift of the focus of attacks from large organizations to individuals. He noted that the regulator's actions have improved the security situation in large companies . However, small and medium-sized businesses are still at risk. "We consider that this trend will continue in the near future," Stanislav Kuznetsov added.
In addition, by 2019, data breaches had become key cyber security issues. Stanislav Kuznetsov noted that the majority of attacks today are performed using personal data. Last year only the loudest leaks affected more than half a billion accounts. "We must explain to everyone what is allowed and what is forbidden. For example, you can’t take pictures of the computer screen on a mobile phone. It is necessary to conduct training to improve the cyber literacy of employees", - said Stanislav Kuznetsov.
According to BI.ZONE, cyber-theft from banks decreased by 40% in 2019. However, attacks on mobile applications increased by 40%.
The researchers also noted that the mechanics of attacks became more complex. For example, attackers resort to attacks on the "supply chain": instead of getting close to a well-protected victim, they find its vulnerable partners, infect their networks and achieve the main goal through them. The researchers note that the number of such attacks over the past year has increased by 78% and is likely to grow this year.
Another trend Stanislav Kuznetsov called malicious emails. "Three out of ten employees open phishing emails. The percentage of opening malicious emails is growing by 1-2% per quarter," he said.
Representatives of the company BI.ZONE told that in order to improve cyber literacy in the business environment, educational social engineering attacks are conducted for customer companies.
Stanislav Kuznetsov noted the positive aspects of the fight against cyber threats "We won the skimming. In Russia, this type of fraud is almost reduced to zero, - he told and added. - We have solved the problem with skimming. What can’t be said about other areas."
According to researchers, physical methods are still popular among ATM attackers - explosions and burglaries. The total number of cyberattacks was only 7% for 2017-2018.
"The average loss of the company in case of a successful cyber attack - 13 million dollars. I believe that the world has come close to the border of cyberterrorism," Stanislav Kuznetsov said. He emphasized that it is possible to fight against cyber threats only together. "At the level of business, the agreements are going well, at the level of States it is difficult to agree. The business has other goals. We are responsible for the safety of our customers. In this sense, we are out of politics," Stanislav Kuznetsov summed up.