Stanislav Kuznetsov grew up in a military family. Born in Leipzig on July 25, 1962. Has military and legal education. Graduated from the Red Banner Institute of the Ministry of Defense in 1984 and from the Law Institute of the Ministry of Internal Affairs of the Russian Federation in 2002, Candidate of Legal Sciences. In addition to Russian, he speaks two foreign languages, Czech and German. Married, father of two daughters.
Currently he is Deputy Chairman of the Board of Sberbank. Owns a share in authorized capital bank and ordinary shares. In between military service and banking activities, he held management positions in the government of the Russian Federation, and was a member of various councils.
Career
Like his father, he began his career with service in the Armed Forces from 1980 to 1998, after which he was transferred to the International Cooperation Department of the Ministry of Internal Affairs of the Russian Federation. At the time of his dismissal in 2002, he held the position of 1st Deputy Head of the Department and held the rank of colonel.
After leaving service in the Ministry of Internal Affairs, he moved to the Ministry economic development and trade Russian Federation. Until 2004, he headed the administrative department. From 2004 to 2007 was director of the Department of Administration of the Ministry of Economic Development and Trade.
2007 is becoming a busy year in the career of Stanislav Konstantinovich. Thanks to the fact that in 2006 the Government allowed ministers to increase the number of deputies to five, in April 2007 Kuznetsov held the position of fifth Deputy Minister of Economic Development. According to Gref, the main task of the fifth deputy will be the implementation federal program development of the city of Sochi as a resort.
In September 2007, by Presidential Decree, he became a member of the development council physical culture and sports.
In October, Stanislav Kuznetsov was included in the ranks of the commission for the protection of state secrets.
In November, he became a member of the supervisory board of the State Corporation for the Construction of Olympic Venues and the Development of Sochi as a Mountain Resort.
At the beginning of 2008, following his boss German Gref, he resigned on his own initiative from the post of deputy minister. Immediately after this, he holds the post of senior vice president and becomes a member of the board at Sberbank. According to Stanislav Konstantinovich, the transition was not directly related to the Olympics. But working at Sberbank, they both make a great contribution to the preparation for this event.
In October 2010, Stanislav Kuznetsov takes the next step in career ladder. He, as in the ministry, becomes Gref’s deputy, and holds the post of deputy chairman of the board of Sberbank. While in office, Kuznetsov is responsible for the work of the Administrative Block, coordinates the bank’s security departments, and heads the regional directorate of the cash management center.
In the spring of 2012, Stanislav Kuznetsov became responsible at Sberbank for the Olympic construction, and for a certain period, he was personally present there.
Contribution to the Sochi Olympics
In preparation for such a large and significant project for the country as Olympic Games, many government and commercial structures. Of course, the largest bank in Russia also took part in preparations for this event. Sberbank was not only the general partner of Sochi 2014, but also a co-investor in the construction of the ski jump complex and media village.
After a scandal involving the vice-president of the Russian Olympic Committee due to delays in the preparation of the Olympic village and its facilities, the government shifted responsibility for the construction of the media village to Sberbank. And the Balilov brothers, accused of causing damage to Sberbank, sold their shares in Krasnaya Polyana OJSC, which built the Mountain Carousel tourist complex, and left the country.
Stanislav Kuznetsov was appointed to oversee this area at the bank. He was one of those who had to work, as they say, on the ground. Personal presence was needed in the fall, when it became clear that the contractors were not coping and were not investing in the established deadlines. His responsibilities included communication with the general contractor, as well as with local officials and independent experts.
Kuznetsov had to recruit a team of Sberbank employees to work as superintendents at Olympic venues. Since the bank is not a construction organization, we had to gather people from all over the country from property management departments. At its peak, the size of the task force under Kuznetsov’s command reached eighty people.
Thanks to well-established communication with local construction organizations, Kuznetsov managed not to miss the deadline for the delivery of the Olympic facilities, even when the Turkish contractor, initially chosen by the bank, failed.
On the promise control service “Promises.Ru”, you can read the statement of Stanislav Kuznetsov during a period of sharp increases in currency prices and general panic. As deputy chairman of the board of Sberbank, he stated that the bank will not limit the issuance of cash to its customers and will even increase the load on ATMs due to increased demand: “I can firmly state that Sberbank has not introduced any restrictions and does not plan to introduce any. Moreover, we We are ready for this situation of increased public demand for cash and will provide any needs of the population for it, so that people can get everything they want." Also, contrary to some alarmist rumors, it was promised that cooperation with payment systems Visa and MasterCard will not stop. The promises made by Kuznetsov turned out to be true.
Awards and thanks
Hard work has been recognized many times state awards and thanks. Kuznetsov Stanislav Konstantinovich was awarded the Order of Honor, Friendship, Alexander Nevsky, the Order of Merit for the Fatherland, fourth degree, and certificates of honor from the Government of the Russian Federation and the President. Was awarded gratitude from the President of the Russian Federation.
Over the past period of this year and last? Has the nature of these attacks changed and how does the bank respond to them?
- The number of cyber attacks continues to increase - both on Russian banks in general, and on Sberbank as the most “tidbit” of the market, because we have the most clients and data of interest to attackers. This is confirmed by statistics: in the first quarter of 2019, the Sberbank Cyber Defense Center processed more than 12.5 thousand suspected cybersecurity incidents, almost a quarter of them posed a threat to us. This is 1.8 times higher than in the same period last year.
As for the nature of the attacks, I would call 2019 the year of leaks, which are increasingly occurring both in Russia and in the world as a whole. In the first quarter of 2019, 19% more data leaks were recorded worldwide compared to the same period last year. In total, 6.5 billion user data records were compromised worldwide, which is four times more than in the first quarter of 2018.
The number of DDoS (distributed denial of service) attacks remains consistently high, when the system is deliberately overloaded with a huge number of requests from different addresses.
Since the beginning of 2019, the Cyber Defense Center’s systems have repelled 52 DDos attacks—significantly more than in the same period last year. Moreover, this year the attacks have become more powerful and longer lasting.
At the same time, cyber attacks are becoming more diverse and increasingly aimed at new technologies. Additional risks are created by various cloud services, as well as the popular BYOD (bring your own device) trend today, when company employees are allowed to work from a personal computer or laptop connected to internal network companies.
Separately, I would like to say about the Internet of Things (IoT) and 5G. On the one hand, it’s great when your refrigerator orders food itself, and you can remotely ask the kettle to heat up the water. But you need to understand that in this case, a refrigerator, a kettle, and any other device with Internet access can be used for DDoS attacks. Moreover, you, as a user, will not even know about it, and you are unlikely to think much about the cybersecurity of such devices, because your money is not stored in them. There are already 8 billion IoT devices in the world, their number will grow every year, and, accordingly, the power of DDoS attacks will also only increase.
And I’ll name two more trends. First, criminal groups are increasingly using complex attack scenarios tailored to a specific industry or even company. Second, cybercriminals are increasingly looking for indirect ways to gain access to an organization’s infrastructure. To do this, they attack the “supply chain”: instead of approaching a well-protected company, they find its vulnerable partners and contractors, infect their networks, and through them, the main target. The number of such attacks in the world in 2018 increased by 78%.
Unfortunately, in order to penetrate a company's infrastructure, it is not always necessary to hack software. It is much easier to “hack” an employee who, without knowing it, will lead the criminal to the necessary data. I’m talking, for example, about phishing, which today accounts for more than 60% of attacks on the banking sector of Russia and a number of European countries. Phishing is mass mailings on behalf of popular brands that, for example, you have won a prize or can take a survey and get money for it. Such emails contain a link to a malicious website that is indistinguishable from the website famous brand. By clicking on the link and entering his data, the user infects his device with a virus.
Every year, the Cyber Defense Center prevents more than half a million attempts to send emails containing malicious attachments or phishing links to bank employees. Since the beginning of 2019, specialists from the Sberbank Cyber Security Service have identified and sent for blocking more than 2,000 phishing resources similar to the Sberbank website.
— The other side of the problem is the theft of data and money from citizens, including Sberbank clients. How do you deal with this?
— Our clients are protected from it by a fraud monitoring system based on artificial intelligence. It detects the vast majority of all fraud attempts. Thanks to this system, from January to May of this year, we prevented the theft of customer funds in the amount of over 13.5 billion rubles.
At the end of the first quarter of 2019, over 80% of the total volume of fraud against our clients was so-called “social engineering”. This again means that it is easier to “hack” a person than a system. There are dozens of fraudulent schemes, which most often come down to obtaining confidential information from a person under a plausible pretext (unblocking a card, compensation for spa treatment, etc.): his bank card details, login and password for logging into, for example, “ Sberbank Online".
We constantly carry out explanatory work, telling clients that under no circumstances should anyone, even a bank employee, be given any card details other than its number. We are saying that the PIN code for an ATM and the password for Sberbank Online cannot be stored on paper.
But still, in stressful situations, people often get lost and, with their own hands, give criminals access to their money.
In most cases, the anti-fraud system is able to stop a cybercriminal - it analyzes all of the client’s transactions and in real time identifies suspicious transactions that do not correspond to the client’s financial habits. For example, when pensioner Marya Ivanovna, who lives in Saratov and has never traveled anywhere, suddenly makes a financial transaction in Vladivostok, the bank makes a follow-up call to her, and it turns out that scammers are trying to withdraw money from her account.
But, unfortunately, the main part of fraud using social engineering consists of so-called “self-transfers”, when the client independently performs and confirms a transaction under the influence of a fraudster (for example, transferring an advance payment for a purchase from advertising sites or from social networks), and then contacts the bank with the claim that he was deceived.
The conclusion is obvious: only technical means, even the most modern and effective ones, cannot completely protect clients from “social engineers”. Therefore, we need to continue working to improve clients’ cyber literacy and strengthen this area at the state level.
— Do you work proactively - for example, do you see attacks on other companies/users and adjust your infrastructure?
— The essence of cybersecurity lies precisely in the fact that it is a constant, second-by-second work to stay ahead of the curve, a continuous “arms race” that occurs on both sides of the law. And one of the key components of this work is the exchange of information. This is always difficult: who would want to tell, even a narrow circle of experts, that they were hacked, and even describe the process in detail? It’s hard, but if you remain silent, it will only get worse for everyone. As they say, all companies are divided into those who have been hacked and those who do not yet know that they have been hacked. We want the expert community to learn about such hacks as early as possible in order to prevent them in the future.
Of course, we closely monitor everything that happens in the world of cybersecurity, exchange information with Russian and international partners, improve monitoring tools, and develop our security technologies. In particular, we have developed and use our own Threat Intelligence Platform, which allows us to collect and analyze information on various cyber threats.
We are fighting for information cooperation to become a well-functioning mechanism for all participants in the process: business, government. And this cooperation must be international, must be above any geopolitics and any bureaucracy. Otherwise, it will not make any sense, because cybercriminals, unlike you and me, are not tied to national borders: from anywhere in the world they can attack any company and citizen of any country.
The leading criminal cyber groups are transnational, and without international cooperation they cannot be brought to light.
In Russia, we have already managed to formulate the basic outlines of such cooperation in the financial sector. For example, the platform for exchanging data on cyber threats, implemented under the auspices of the Association of Banks of Russia, today unites more than 40 banks, including the largest financial institutions in the country. In just six months of work, thanks to data exchange, it was possible to prevent losses of more than 3 billion rubles.
There are also serious successes on a global scale. The work is carried out by the WEF Center for Cybersecurity (C4C), official opening which took place during the annual session in Davos in 2018. This is a unique platform for cooperation between representatives of the largest global corporations, leading players international market cybersecurity, representatives of law enforcement agencies in order to develop a joint strategy to combat global cybercrime. Sberbank is one of the founding partners of C4C and has permanent place V Supervisory Board center.
— What solutions in the field of information security can you offer to the foreign market?
— Cybersecurity services for external clients are provided by our subsidiary BI.ZONE, one of the world-recognized leaders in the field of cybersecurity. This is research and analysis of malware software, investigation of cybersecurity incidents and rapid response to these incidents, collection of information about potential threats, various types of testing: for security against social engineering methods, for penetration, for the security of mobile and web applications.
I would like to emphasize that sometimes our colleagues help for free - this can be compared to putting out a fire, when you need to react quickly, without waiting for formalities, otherwise hundreds and thousands of people will suffer.
We had a case when BI.ZONE employees went to one of the hospitals in which the operation of medical equipment was paralyzed due to hackers, and the health and lives of patients were at risk.
We are actively developing the Russian cyber risk insurance market. Our subsidiary Sberbank Insurance was the first in Russia to offer mass cyber risk insurance products. Thus, in 2017, the company included the risk of production interruption as a result of cyber attacks in its insurance package for small businesses. During the first year of the program, about 3.5 thousand clients took out such policies, and in the first quarter of 2019 - about 3 thousand. At the end of 2018, the company offered this type of insurance to individuals, including the risk of cyber threats in the insurance product bank cards. During the six months of operation, about 2 million clients have already taken out such policies.
And I’ll give one more example: our mobile applications Sberbank Online for the Android platform contains a built-in antivirus. It protects not only the application itself and the client’s money, but also the entire smartphone. Reliable and completely free not only for clients - for everyone who installed our application from official store. Considering that Sberbank Online is one of the five applications with the largest active audience in Russia - we have over 40 million active users - we can say that this is our significant contribution to the cybersecurity of a significant part of the country's population.
— What technologies are based on artificial intelligence increase resistance to cyber threats?
— The introduction of artificial intelligence (AI) radically simplifies many routine tasks facing cybersecurity departments. The amount of data is growing exponentially, and only AI can cope with this, which takes on the most labor-intensive operations, including round-the-clock monitoring and repelling every second cyber-attacks. Today, both are carried out automatically - a person connects only when the situation goes beyond the typical framework.
And at the same time, criminals are also aware of all its artificial intelligence capabilities. And they not only attack the victim’s AI to penetrate the company’s systems, but also use it themselves to find vulnerabilities, conduct phishing attacks, bypass biometric authentication and security, create malicious software, and guess passwords.
— One of the sessions of the International Cybersecurity Congress is called “Secure Digital World - Future or Utopia?” In your opinion, is this the future or a utopia?
— I would say this: the digital world is certainly our future, because progress is irreversible. How safe this world will be depends on all of us. And from the state and business, which must develop legislation adequate to existing cyber threats. And from law enforcement agencies who will monitor its compliance. And from citizens who, I am sure, will gradually learn to respond to cyber threats as sensitively as they do to threats from the physical world.
After all, we, relatively speaking, do not carry our money in an open wallet in the middle of the night in the most criminal area, nor do we leave the house leaving the door wide open. But for some reason we still come up with passwords like 123456.
And here I see two directions, each of which is equally important: on the one hand, the fight against cybercrime, and on the other hand, the development of digital literacy and cyber culture, I would even say cyber hygiene. Yes, we want to make the digital world safe, we are confident that we can, and we are ready to invest money in this. But even now, by following simple security measures, each of us can significantly reduce the likelihood of becoming a victim of a hacker attack or social engineering. This applies to both companies and individuals.
And, I repeat, I see the key to success in cooperation and interaction, in the unity of all those who, just as much as we do, want to make the digital world safe. This is why we are holding the International Cybersecurity Congress for the second year in a row with the participation of business, government, experts, and IT specialists from all over the planet. Therefore, “utopia” is precisely the idea that everything will “settle down” on its own. If nothing is done, the World Economic Forum projects that the global cost of cybercrime, already $1.5 trillion in 2018, will reach $8 trillion by 2022. So let’s work together to break this dangerous trend and look for an antidote to the plague of the 21st century - the cybercrime pandemic.
Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank, and Dmitry Samartsev, Director of Sberbank's subsidiary BI.ZONE, told the site about the current problems and challenges in the field of cybersecurity for the largest Russian bank.
We see that Sberbank is investing a lot of funds in information security. It is probably number one among Russian banks in this regard. You invest money based on economic efficiency or is it an image investment and a driver for sales of bank services?
S.K.: We are the number one bank, but not in terms of investments in cybersecurity. Rather, we are the number one target for hackers, and not only Russian ones. We are seeing a huge number of attacks being carried out by attackers on our systems, trying to find holes. We pay a lot of attention to improving the quality of our processes and policies and respond quickly to attacks. I believe that for a company that professionally deals with cybersecurity, 80% of its effectiveness depends not on money or hardware, but on the ability to manage processes. Over the past three years, Sberbank has managed to completely change the cyber risk management process. Compared to Western companies, we invest tens of times less in security. And even in Russia we are not leaders in this indicator.
How acute is the personnel problem for Sberbank today?
S.K.: Everyone has a personnel problem. If 10-15 years ago the main specialty in short supply was an accountant and economist, today all over the world it is a specialist in the field of cybersecurity. This is a highly paid job, but it is extremely difficult to find specialists. We have a good team, but professional personnel there is not enough, so we invest a lot in further training and retraining people. For this purpose, we have created a Cyber Security Academy.
The Sberbank Cyber Security Service employs graduates from more than 200 universities. A bit much, isn't it? The thing is that the cybersecurity industry has no supporting educational institutions, which would supply ready-made specialists. And the guys who graduate from universities, even from such as Moscow State University and Baumanka, are faced with the fact that we have other tasks and needs that their knowledge does not fully correspond to. We are in dialogue with the Ministry of Education, and we have an understanding with them that it is necessary to clarify the programs of universities at the level of the Ministry and relevant departments.
Another initiative aimed at training and attracting talent is the annual international conference OFFZONE, organized by our cybersecurity subsidiary BI.ZONE. The event prepares young professionals for combat conditions so that they understand the challenges they will face in practice.
What role does BI.ZONE play in Sberbank’s security ecosystem?
S.K.: BI.ZONE does three important things. Firstly, the company protects the bank by constantly testing our systems from the outside. Secondly, BI.ZONE knows how to conduct incident investigations, and here it is one of the leaders Russian market. And thirdly, BI.ZONE develops and sells products and services in the field of cybersecurity, which are in great demand by the market. We believe that the company is developing well and quickly, it has big strategic goals and plans. It cooperates with Interpol, various states, and takes an active position in interaction with the World Economic Forum and the entire professional community. And the BI.ZONE CERT incident response team is a full member of the FIRST association. This approach certainly increases efficiency in preventing cyber attacks and investigating incidents.
Dmitry Samartsev
Director of BI.ZONE
In 2011 he graduated from the Moscow State Technological University "Stankin" with a master's degree in information technology.
In 2016, he also graduated from the Diplomatic Academy of the Russian Ministry of Foreign Affairs, where he received a diploma in economics with a specialty in world economics.
He was one of the co-founders of Treatface, where he served as Development Director before creating BI.ZONE.
Before Founding own business, Dmitry Samartsev was vice president for technological development at INLINE Technologies, part of the INLINE Technologies Group.
Dmitry, how closely do you cooperate with Sberbank?
D.S.: The Sberbank Group today accounts for about 20 percent of BI.ZONE's revenue. This is not our main client, but one hundred percent owner. Of course, we do everything the bank needs in terms of ensuring business continuity and cybersecurity for clients and the bank itself. However, all projects in which we participate, we win on the basis open competitions. For Sberbank, we are the same supplier as Positive Technologies, Group-IB or Kaspersky Lab. In some places the bank chooses our solutions, in others the solutions of competitors, and this helps us to be on our toes.
So there are no preferences?
D.S.: None. We participate in competitions on a general basis. This is Sberbank’s approach to all its subsidiaries. If you do subsidiaries preferences, they may lag behind technologically.
What are the main areas in which you cooperate with Sberbank?
D.S.: This includes penetration testing, vulnerability analysis, forensics, and anti-fraud. In particular, Sberbank uses our anti-fraud platform in various payment channels - BI.ZONE Cloud Fraud Prevention. Or, for example, our analytical reports on Threat Hunting inside the SOC help Sberbank catch APTs, that is, identify targeted attacks.
We do penetration testing at both software and hardware levels. The main topic of the OFFZONE 2019 conference is hardware. Why? After conducting a lot of audits for Sberbank and other clients, we realized that the topic of hardware protection in our country receives very little attention, so we decided to involve specialists in this area.
Which of your products target the wider market?
D.S.: We have three areas that best cover customer requests in the field of cybersecurity - proactive protection, response and incident investigation. The first is expert services: forensics, pentests, and a laboratory for researching hardware attacks. The second is the development of our own products. Of these, the key one is antifraud, a platform for protecting against cyber fraud. It is available in two versions - both on-premise, that is, with the integration of the solution into the customer’s IT infrastructure, and a cloud version for banks that do not have expertise and cannot spend a lot of money on it. We are ready to outsource this function. At the same time, we support all RBS channels: cards, online banking, emission, acquiring, and so on. And another product is the BI.ZONE ThreatVision platform for exchanging information about cyber threats. It is being implemented within the framework of the Association of Banks of Russia; about 70 organizations are already connected to the platform. The product clearly demonstrates that it is much more effective to build cyber defense through joint efforts than to fight cyber threats alone.
The third major area is cybersecurity outsourcing, SOC as a service. Here are cloud products that allow you to outsource the security function of an organization. This is a good alternative for companies that cannot afford dedicated staff and expensive equipment or want to focus on strategic objectives, such as increasing the maturity of cybersecurity processes and risk management.
Which of these areas is more important to you in the future?
D.S.: They are all interconnected. Products and services are in high demand by the market, organically coexist together and bring in approximately the same share of revenue. And without expert services it is impossible effective work other directions.
Thanks for the interview and good luck in business!
