Gref: not a single bit of information can be taken out of Sberbank


Sberbank announced a radical review of its security policy. After the leak of customer data, information security measures have been tightened so much that employees complain about “slowing down work processes” and “excesses” of the security service.    Further it will be worse. “The incident that happened has changed our paradigm,” said German Gref. During a direct line with the employees of Sberbank, he recalled the introduction of a new technological platform that would not allow the transfer of “not a single bit of information unauthorized”. But now there is no such platform yet, therefore the security service is forced to “do it manually” (to check employees).   “We could not respond to what happened. We need to radically redefine our attitude towards cyber defense of our internal resources. I have already said that we proceeded from the paradigm that people inside the bank understand how important and responsible the role of a bank employee is. And to build a system that would fully protect us from all kinds of abuses inside is impossible. The incident that happened has changed our paradigm. We said: we cannot rely on chance and one unscrupulous person cannot pour a spoonful of tar in a barrel of honey, ”Gref said.    By the end of 2022, the bank plans to transfer about 80% of its services to the new technology platform: “2023 will probably be the final year of transferring services to the platform. Then there will be some little things that will be loaded in the operating mode. ”    After the data leak, I had to take the toughest measures: “Today we control many times more than before,” the head of Sberbank said. – Unfortunately, what we see even in the last month, we have a significant number of incidents. Attempts to transfer information from the bank in a variety of ways. Each of these methods we carefully study and implement a control system. In the end, we will create such a system when it will not be possible to get a single bit of information out of the bank unauthorized. But today we have to do it manually. ”    According to the information of the Kommersant publication, on one of the shadow resources on October 13, 2019, an announcement appeared about the sale of personal data of Sberbank customers per million lines. The announcement stated that the database contains complete data of bank customers with loans or credit cards: passport, registration, residential addresses, phone numbers, accounts, balance or debt.         Information in the database on Sberbank has been collected since 2015 and is updated weekly. Data is sold in any volume with a random sample at a price of 30 rubles per row.     UFO Care Minute This material could cause conflicting feelings, so before writing a comment, refresh something important in your memory:    How to write a comment and survive  Do not write offensive comments, do not get personal.  Refrain from obscene language and toxic behavior (even in a veiled form).  To report comments that violate the rules of the site, use the “Report” button (if available) or the feedback form.   What to do if: minus karma | blocked account   → Code of authors Habr and habraetiket → Full version of site rules