Cybersecurity Threats to Watch
June 13, 2017
With cybersecurity in an ongoing arms race, threats are evolving constantly. Exposures can significantly impact your credit union, so it’s critical to be in tune with the latest cyber trends. Here are four threats to watch for in the coming months:
The threat of ransomware is becoming more commercialized. Fraudsters are now selling ransomware-as-a-service crimeware to other cybercriminals. Ransomware is particularly dangerous to credit unions. This is because malicious software can restrict access to files and threaten disruption or permanent destruction of sensitive information unless a ransom is paid.
Distributed Denial of Service (DDoS) Attacks
DDoS attacks continue to increase in both frequency and sophistication. These attacks are generally targeted. Fraudsters use them to overwhelm a system with data in an attempt to prevent users from accessing information or services. This can mean users–or in your case, members–who try to use your website won’t be able to do so. Financial institutions have been targeted with DDoS attacks in the past and likely will be again in the future.
Internet of Things
Devices with constant connectivity, like virtual personal assistants, Bluetooth headsets, or smart lightbulbs may be convenient for consumer use. But, they can pose a threat to the broader internet ecosystem and, ultimately, your credit union. The connectivity of these tools and technologies make them susceptible to hacking. This can lead to unauthorized access to your network, and it can compromise your data.
Banking is a critical piece of our country’s infrastructure. This makes the industry an attractive target for foreign governments (or groups sponsored by foreign governments) looking to impact our economy, steal or spy. State-sponsored hackers seek to target sensitive information by exploiting vulnerabilities in software. Fortunately, credit unions generally aren’t at the top of the target list, but it’s best to be prepared. It’s clear that cyber warfare is a powerful new global tool for criminals.
So, how can credit unions protect themselves against these threats?
- Evaluate people, processes, and technologies. First, look at the people, processes, and technology supporting cybersecurity at your credit union. It’s critical to examine all of your protective layers holistically, so you can identify gaps and make adjustments. Simple security measures still matter. For example, make sure you are running the most up-to-date software on your system. Install patches in a timely fashion to protect against known vulnerabilities. And confirm user passwords are appropriately strong.
- Educate employees. Employee education is also crucial. With human error a factor in over half of data breaches, your employees are your first line of defense. Train them at the time of hire, and continue educating them regularly.
- Share information. Your credit union should consider participating in information sharing, such as the Credit Union Council of the Financial Services Information Sharing and Analysis Center (FS-ISAC). This customer-driven, non-profit organization keeps its nearly 7,000 financial firms informed of the latest cyber threats and recommended actions.
- Consider cyber insurance. Finally, evaluate cyber insurance. Options can vary widely, so ensure you review and understand the policy terms and conditions. Also evaluate coverage limits available to you should you experience a data breach. And be sure you understand additional Risk Management services that support you as a policyholder.