Wednesday, March 22, 2017

Cybersecurity in 2017: Four Threats to Watch

By Jay Isaacson, VP, Product Executive
It may be a new year, but fraudsters haven’t shifted their focus from cyber. And, with cybersecurity an ongoing arms race, threats are evolving constantly. Exposures can significantly impact your credit union, so it’s critical to be in tune with the latest cyber trends. Here are four threats to watch for 2017:

The threat of ransomware won’t slow down this year. In fact, it's becoming more commercialized. Fraudsters are now selling ransomware-as-a-service crimeware to other cybercriminals. Ransomware is particularly dangerous to credit unions. This is because malicious software can restrict access to files and threaten disruption or permanent destruction of sensitive information unless a ransom is paid.

Distributed Denial of Service (DDoS) attacks.
DDoS attacks continue to increase in both frequency and sophistication. These attacks are generally targeted. Fraudsters use them to overwhelm a system with data in an attempt to prevent users from accessing information or services. This can mean users – or in your case, members – who try to use your website won’t be able to do so. Critical infrastructure within the U.S. – financial institutions, in particular – have been targeted with DDoS attacks in the past and likely will be again in the future.

Internet of Things (IoT).
Devices with constant connectivity, like virtual personal assistants, Bluetooth headsets or smart lightbulbs may be convenient for consumer use. But, they can pose a threat to the broader internet ecosystem and, ultimately, your credit union. The connectivity of these tools and technologies make them susceptible to hacking. This can lead to unauthorized access to your network, and it can compromise your data.

Nation-state cyberattacks.
Banking is a critical piece of our country’s infrastructure. This makes the industry an attractive target for foreign governments (or groups sponsored by foreign governments) looking to impact our economy, steal or spy. State-sponsored hackers seek to target sensitive information by exploiting vulnerabilities in software. Fortunately, credit unions generally aren’t at the top of the target list, but it’s best to be prepared. It’s clear that cyber warfare is a powerful new global tool for criminals.

So, how can credit unions best protect themselves against these threats?

Evaluate People, Processes and Technologies.
First, look at the people, processes and technology supporting cybersecurity at your credit union. It’s critical to examine all of your protective layers holistically, so you can identify gaps and make adjustments. Simple security measures still matter. For example, make sure
 you are running the most up-to-date software on your system. Install patches in a timely fashion to protect against known vulnerabilities. And confirm user passwords are appropriately strong.

Educate Employees.
Employee education is also crucial. With human error a factor in over half of data breaches, your employees are your first line of defense. Train them at the time of hire, and continue educating them regularly through the year.

Share Information. Your credit union should consider participating in information sharing, such as the Credit Union Council of the Financial Services Information Sharing and Analysis Center (FS-ISAC). This customer-driven, non-profit organization keeps its nearly 7,000 financial firms informed of the latest cyber threats and recommended actions.

Consider Cyber Insurance.
Finally, evaluate cyber insurance. Options can vary widely, so ensure you review and understand the policy terms and conditions. Also evaluate coverage limits available to you should you experience a data breach. And, be sure you understand additional Risk Management services that support you as a policyholder.

 How are you protecting yourself from the latest cyber threats?

*Available exclusively to Bond policyholders