The National Bank wants the management of Ukrainian banks to more thoroughly check the personnel of their structures for potential "insiders and collaborators" and to increase protection in the area of cyber security.
This is stated in the recommendations of the NBU "Regarding strengthening the cyber security of the banking system", sent by the regulator.
In the document, officials refer to the increasing number of hacker attacks on banking structures.
"Systematic complex attacks on information systems of critical infrastructure objects and organizations that ensure their functioning, with the aim of cyberespionage (data theft) and cyberterrorism (DDoS and destruction of infrastructure)," the document reads.
It outlines seven areas that financiers should strengthen to combat data breaches and theft. And the first point of these recommendations is the inspection of one's own employees.
"Pay attention to potential insiders and collaborators within the organization," the National Bank notes.
The regulator did not specify who should be included among them, but it can be assumed that this means any employee of the bank who discloses internal information to third parties.
The rest of the regulator's prescriptions are more technical in nature. Summarizing the key recommendations gives the following list:
1. Regarding remote access to networks: remove unnecessary internal services from the network perimeter, use VPN or other specialized solutions with MFA (multi-factor authentication), minimize access and increase network access control.
2. Work out scenarios for denial of service by the communication provider or for compromise of its services.
3. Increase control over the actions of privileged users, and isolate and organize strict access control to infrastructure management systems. Also apply strict filtering rules (egress rules) to the access that information systems have to the Internet (use of white lists).