Project #SafebyRaiffeisen

Project description

The #SafebyRaiffeisen project aims to significantly strengthen Raiffeisenbank's resilience in the field of cybersecurity, increase the readiness and resilience of processes against current and future security threats, build internal capacities and ensure responsible compliance with cybersecurity legislation.

We will contribute to strengthening and securing the supply chain of digital technologies in the EU, in particular in the area of financial services and with operators of essential services. We will pro-actively share the knowledge gained during the implementation of the project.

By applying this approach, we want to raise awareness of cybersecurity trends, threats and defence methods. 

At the same time, we will contribute to the creation of the European Cyber Shield. One of the main directions pursued by the project is to evaluate our readiness for the age of quantum computers and to use new approaches to identify cyber threats in this area. 

The project's planned activities include a wide range of cybersecurity measures, processes and strategies. The effectively implemented measures will contribute to achieving the European goals as well as to promoting cooperation and harmonization of practices between Member States in line with the objectives outlined in the DIGITAL-ECCC-2023-DEPLOY-CYBER-04-EULEGISLATION call and Cybersecurity Work Programme 2023-2024.

Main project objectives

Strengthening the bank's cybersecurity

We want to become a leader in cybersecurity by implementing advanced tools, such as SIEM and PAM, and expanding the Zero Trust principles already in place. We will also focus on improving IT resilience and analysing Raiffeisenbank's preparedness for quantum threats.

Compliance with EU regulations and Czech legislation

We pursue compliance with EU cybersecurity regulations, in particular the NIS2 Directive. We focus on the legislative framework of the EU and the Czech Republic.

Knowledge sharing

Our goal is to raise awareness of cybersecurity topics through various information initiatives and events. We will address the general public, professional institutions, financial institutions, internal employees and other service providers in the financial sector. In this manner we will encourage pro-active cooperation on cybersecurity across the EU.

Protection against cyber threats

We will ensure that we are as least vulnerable to cyberattacks as possible. This will help us maintain continuity of service, protect the bank's repute and maintain customer confidence in the banking sector.

Detailed project description

The #SafebyRaiffeisen project focuses on improving cybersecurity and ensuring compliance with the NIS2 directive within Raiffeisenbank. The project's emphasis on cybersecurity processes and mechanisms directly corresponds to the objective of improving the security of digital and financial service providers within the EU.

Main activities:

Creation of new processes and analyses related to new cybersecurity tools and trends
Review of security policies and standards to ensure compliance with legislative requirements
Review of the risk assessment strategy for cybersecurity management
Implementation of advanced solutions such as SIEM, PAM and Zero Trust
Evaluation of preparedness for threats related to the use of quantum computers
Sharing knowledge and creating a platform for exchanging best practices and knowledge with other financial institutions in the EU

These steps will ensure that the bank is able to detect and respond quickly to cyber incidents and, where appropriate, inform competent authorities, thereby contributing to the overall security of digital services in the EU.

Collaboration and information sharing

The project promotes cooperation with other organisations within the EU, such as CSIRTs or ENISA, and initiates information sharing between financial institutions and regulators, building an interconnected and pro-active cybersecurity community.

The project will also include workshops and training sessions to share information. The aim is to actively participate in inter-institutional forums focused on cybersecurity, creating a platform for dialogue and cooperation among key stakeholders.

Compliance with legislation

Support for the project aimed at increasing the visibility of cybersecurity coincides with the intention of the Cyber Security Act (181/2014 Coll.). The project includes activities such as awareness-raising, training programs and solutions for security incident management. The aim of the project is to support the certification of the bank's cyber practices and alignment with generally accepted recommendations issued by the National Cyber and Information Security Agency, for example.

The project supports the adoption of recognised security standards and practices in the banking sector and promotes the certification of substantive cybersecurity measures. The outputs developed by the project, namely the analysis of quantum computer readiness requirements and the quantum threat preparedness plan, will support the development of the future EU framework for the certification of Quantum Ready financial institutions.

Conclusion

The project fits into the EU's objectives as it strengthens cybersecurity practices. It improves incident management, contributes to the overall security and trustworthiness of digital technologies and services in the Czech Republic and the EU. This confirms the commitment of Raiffeisenbank and the wider financial sector to strengthen the European Cyber Shield.

Project team

Gabriela Obešlová

Gabriela Obešlová has been working at the bank as Head of Security for four years. She has many years of experience in IT management, security programs and project management, business development and other projects. She has a master's degree in law from Masaryk University in Brno. With her experience and knowledge, she is responsible for the smooth implementation of the entire #SBR program.

Miroslav Kvíčala

Miroslav Kvíčala is the head of information security and has 15 years of experience in the security industry, with a deep understanding of the latest threats and trends. He manages, develops and implements effective security measures to protect the bank's data and systems. He effectively communicates security risks to the bank's management and other stakeholders.

Tomáš Zrcek

Information Security Expert in the Security department. Tomáš Zrcek has more than 9 years of experience in this field. Thanks to his experience and knowledge, he holds the role of a specialist in information security and project management.

Tomáš Rosa

Chief Architect of Mathematical Security in the Security department. Tomáš Rosa is also responsible for the management of the Cryptology and Biometrics Competence Centre of the Raiffeisen Bank International Group. He has over 30 years of experience in cryptology and mathematical security and has earned a PhD in this field.

Jiří Pavlů

Mathematical Security Expert in the Security department. Jiří Pavlů has more than 5 years of experience in cryptology and mathematical security and has earned a master's degree in this field. Thanks to his experience with post-quantum algorithms, he leads the comparison and evaluation of cryptographic solutions.

Dagmar Slaninová

Information Security Specialist in the Security department. Dagmar Slaninová has more than 16 years of experience in information security. With her experience and specific know-how in security awareness and training, she will take on the role of information security specialist and manage the tasks associated with their development.

Project identification

Project number: 101158662
Project name: Safe Cyber Experience by Raiffeisenbank
Project abbreviation: #SafebyRaiffeisen
Call: DIGITAL-ECCC-2023-DEPLOY-CYBER-04
Topic: DIGITAL-ECCC-2023-DEPLOY-CYBER-04-EULEGISLATION
Type of action: DIGITAL-JU-SIMPLE
Service: CNECT/H/01

The project is funded under Grant Agreement No. 101158662 and is supported by the European Cybersecurity Competence Centre.

Co-financed by the European Union. However, the views and opinions expressed by the author(s) are those of the authors only and do not necessarily reflect the views of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the granting authority can be held responsible for these opinions.