The National Bank of Ukraine (NBU) has advised banks to watch for potential insiders and collaborators among their staff. The NBU sent Ukrainian banks a letter with recommendations for strengthening the cybersecurity of the banking system. This was reported by Business Censor, citing Interfax-Ukraine.
In the document, the National Bank notes systematic, complex attacks on information systems, critical infrastructure (CI) facilities and the organizations that keep them running, with the aim of stealing data, carrying out DDoS attacks and destroying infrastructure.
To avoid these risks, the regulator also recommended that banks remove unnecessary internal services from the network perimeter and use a VPN or other specialized solutions for remote access, with mandatory multi-factor authentication (MFA). The National Bank also called on banks to minimize access to the network and tighten control over third-party organizations and counterparties.
According to the letter, the National Bank recommended that financial institutions work out scenarios for denial of service and procedures for changing providers, as well as scenarios for the compromise of a data center (DC) and the transfer of services to another DC.
Other recommendations include creating reference cold copies of critical systems, servers and configurations, stored on separate media without access to the network.
In addition, the NBU advises banks to increase control over the actions of privileged users, to isolate infrastructure management systems (virtualization systems, network management, backup, protection, etc.) and apply strict access control to them, and, if possible, to use PAM (Privileged Access Management) systems for these purposes.
The regulator also advised financial institutions to apply strict filtering rules (egress rules) to information systems' access to the Internet. In this part, the NBU also called on banks to monitor changes in user rights and changes to group policies.