
PSB spoke about the effectiveness of a hybrid approach to cybersecurity

Photo: PSB press service

A hybrid approach to cybersecurity has proved effective in large Russian banks, said Dmitry Miklukho, Senior Vice President and head of the Information security unit at PSB. He moderated the session "Full-time team or contractor in Information Security: what business is betting on" at the Prosto Kapital Financial Forum.

"Neither pure in-house nor pure outsourcing works in large banks — only a hybrid model is effective. A bank is primarily a critical information infrastructure, so it is impossible to outsource risk management, access control to the core of an ABS (automated banking system) or incident response in processing; this is strictly in-house. At the same time, maximum security in the bank is achieved not by choosing an approach or model, but by the maturity of processes. Therefore, the task of the CISO is not to 'choose a model', but to build a balance: keep the core of competencies inside, and give everything that can be effectively scaled to external contractors, but under strict management and metrics," said Miklukho.

During the discussion, experts shared their opinion that there is a growing demand for information security tools in companies. Smaller businesses, however, tend to take a more reactive approach, carrying out information security measures only after something has happened.

Discussing the delegation of the information security function to domestic vendors, the session participants concluded that different companies need different models, taking into account economic costs and effectiveness. Thus, it is financially more profitable for a small business to outsource specialists than to develop its own staff and form an internal information security center. At the same time, as the business grows, the company will raise its level of competencies and will need to build anti-fraud capabilities, so at that stage it is more logical to switch to in-house.
