Purpose. As banks rely more heavily on technology, their risk of information security breaches is rising significantly. With the active introduction of remote banking services (RBS) in the Russian banking sector, further study of how to assess the risk of cyberattacks on banking automated systems was required. Methods. The study uses methods of financial management, probability theory, systematic analysis of the scientific literature on fundamental and applied research, and graphical interpretation of the analyzed phenomena. The paper gives a detailed analysis of the concepts of "cyberspace" and "cybersecurity". Remote banking is considered from the point of view of financial management. Attention is drawn to the factors of working in cyberspace that increase the levels of banking risks. The relationship between cyberattacks on banking automated systems and their possible consequences for the bank is analyzed. Novelty. Given the wide spread of social engineering methods in Internet fraud, measures to increase the cyber literacy of the population are needed. A method for assessing the risk of cyberattacks on RBS, intended for risk department specialists and internal control staff, is developed. As a result, considering innovative systems and technologies that await us in the future, the effectiveness of risk assessment for solving current challenges is increased. Results. An attempt is made to formulate a mathematical model for the probabilistic analysis of information security incidents in order to optimize the incident response algorithm. Calculations based on the proposed model made it possible to determine the duration of exploitation of an RBS vulnerability at which the probability of preventing an incident exceeds the probability of its realization. The findings may be useful for scientific research on the risks of information security breaches in RBS.
The authors investigate the risks of computer attacks on automated banking systems. The relevance of the study stems from the need to revise approaches to risk assessment that are based on the technical components of banking business processes and the consequences of cyberattacks targeting banking automated systems in credit institutions. The aim of the study is to describe the methods developed for assessing cyber risk in a commercial bank and to propose one option for assessing the risks of information security breaches in electronic banking technologies. The methodology of the article includes analysis of domestic and foreign literature on the research topic, a probability-theoretic calculation method, computer programming, and graphical interpretation of information. The operational risk of a commercial bank is analyzed in order to develop components of an operational risk management system in the context of developing electronic banking technologies. A computer program was developed for the quantitative assessment of the probability of the risk of cyberattack impact on electronic banking technologies (using Borland Delphi). A probabilistic model is formalized for determining the most vulnerable segment of the risk management techniques used by information security units. It is concluded that a software suite can be developed on the basis of a mathematical model that reduces the number of risk factor checks several-fold. The results of the study can be applied in further practical developments by the risk departments of credit institutions that use electronic banking technologies. Keywords: risk of cyberattack impact; electronic banking technologies; information security; risk assessment; probabilistic model; computer program; typical banking risks
The aim and objectives of the article are to analyze fraudulent phishing schemes and develop recommendations for Internet use and relevant regulatory tasks. The relevance of the article is due to the peculiarities of working in cyberspace with the emergence of new sources of banking risks, both for customers and organizations. The scientific novelty of the manuscript consists of a detailed analysis of phishing schemes, the development of recommendations and directions in relation to the Russian Federation. The object of the study is cyber fraud in the credit and financial sphere; the subject is social engineering and phishing schemes. The methodology of the paper includes a systematic analysis of the literature and sources on the research topic, general scientific methods (analysis, synthesis, deduction, analogy, classification), correlation analysis of data, graphical visualization of information. The authors consider the main methods of phishing and the most common techniques used by cybercriminals. Based on the critical analysis of the literature the authors determined a promising direction for the scientific and technical potential of Russia. A correlation analysis of the relationship between the number of cybercrimes and commercial banks is performed. The study offers recommendations to Internet users (how to recognize the signs of fraud), and to regulatory bodies on improving the system of supervision over the dissemination of information in cyberspace. The authors concluded that it is necessary to increase the level of cyber literacy and general literacy of the population, on the one hand, and to modernize the methods of supervision and control of the information posted on the Internet, on the other hand, to effectively counter financial and cybercrime. The research results can be used in the further development of remote banking services for the population to increase competitiveness in the banking services market. 
Prospects for further research on this topic lie in expanding its structure, developing the competencies of specialists in the field of remote banking technologies, as well as developing the scientific and technical potential of Russia.