Credit Union Cybersecurity Pain Points
According to Federal Reserve Chairman Jerome Powell, cyberattacks are one of the greatest risks to our global financial system. These risks have only increased as online financial transactions rise. For credit union cybersecurity, this means the effort required to protect member data is increasing and growing even more challenging.
Direct attacks on credit unions are incredibly costly to the bottom line and to customer trust. Annual financial risk can range from $190,000 for small credit unions to more than $1.2 million for large credit unions. Credit unions must continually reassess what emerging cyber threats mean to their security plans and adjust accordingly.
Learn how your credit union can mitigate these cyber risks by first understanding the threats, challenges, and ultimately the steps you can take to reduce your cyber security risks.
Risks Are Fueled by the Dark Web
The Dark Web is an extensive collection of websites where criminals can rent space to buy, sell, or trade anything from drugs to stolen credit card numbers. The Dark Web also contains many cybercriminals willing to work for hire and eager to carry out any task for which they can be paid. Cybersecurity researchers have found that 86% of credit unions and 76% of vendors have at least one new leaked employee credential on the Dark Web.
Dark Web e-commerce platforms have been a menace to credit union cardholders, as they sell card data to anyone with a few clicks. These e-commerce platforms allow users to register and purchase cards without verifiable proof that the payment will be made. Once the information is given out, these platforms can be traced back to the individual cardholder, and their identity can be stolen.
Stolen credentials and personally identifiable information (PII), along with compromised card data, increase threat actors’ ability to bypass anti-fraud controls.
Credit union cybersecurity must use modern methods to prevent data breaches and limit the impact of cyberattacks. The first step to protecting your data is to understand the threat landscape. Armed with knowledge, credit unions can then determine what defensive and offensive cybersecurity measures are needed.
Common Dark Web-Based Threats to Credit Unions
Account Takeovers (ATO)
Once inside a breached network, account takeover malware harvests online account credentials. The stolen account information is then sent back to the cybercriminals so they can use it to execute wire fraud, ACH fraud, fraudulent transfers, and much more. Unfortunately, this type of malware attack is very difficult to detect because legitimate account holder information bypasses traditional authentication controls. Therefore, the best prevention is to protect your network from breaches and stop the leaking of account credentials in the first place.
Payment Card Fraud
Approximately 115 million compromised cards are for sale on the Dark Web, and almost 90 million of those are from the U.S., making credit and payment cards one of the most at-risk payment tools. Credit unions experience debit and credit card fraud losses constantly. Given the increase in online transactions during the last couple of years, many financial institutions are seeing more compromised payment cards.
Mule Accounts
Mule accounts are individual or business accounts opened with malicious intent or opened by people recruited on Dark Web criminal marketplaces. Because they are verifiable, these mules can evade robust Know Your Customer (KYC) and Anti-Money Laundering (AML) checks. Peer-to-peer instant payment platforms are the primary targets for mule accounts because they can execute transactions quickly and with less scrutiny.
What Other Cybersecurity Challenges Do Credit Unions Face?
The Dark Web is, and will continue to be, the likely base from which cybercriminals launch their attacks. But there are other factors that make cybersecurity efforts more difficult for credit unions.
Overcoming the Shortage of Credit Union Cybersecurity Experts
There is a shortage of skilled cybersecurity professionals across all industries, and credit unions are no exception. Security teams in the credit union space must look for innovative solutions that will help them improve efficiencies so they can optimize the productivity of the security professionals they do have. This means identifying security tools that are easy to use and simple to deploy, as well as finding solutions that streamline cybersecurity processes.
Ransomware and Sophisticated Cyberattacks
With a ransomware attack occurring every 11 seconds, credit unions must be vigilant. Organizations that fall victim to ransomware will lose vital member trust, not to mention large sums of money in fines and possible ransom payments. Protecting business-critical systems from ransomware is an ongoing cybersecurity task that must evolve as fast as cybercriminals do, and it requires that an organization understand why ransomware attacks are occurring so frequently. That means conducting regular assessments and analysis to address new system weaknesses and emerging attack vectors, and making sure all employees are cyber aware and practicing good cyber hygiene.
Supply Chain Security
The cybersecurity supply chain starts with the business entity and extends to all of its vendors. Cybercriminals are anxious to get their hands on credit union member data, so they will use any means necessary to get access to it, including infiltrating via a vendor. Like many industries, credit unions are using more vendors and partners these days to increase their features, functionality and member offerings. Because this creates more attack vectors, credit unions must thoroughly vet their vendors, looking for industry expertise and certifications. They should also continuously request information about their partners’ security practices, including regular audit information and penetration testing results.
Internet of Things (IoT)
As the Internet of Things increases in popularity, it has become more important for organizations to invest in cybersecurity solutions to secure their networks and everything that connects to them. With 57% of all IoT devices vulnerable to acute cybersecurity attacks, credit unions need to invest in cybersecurity solutions that can identify all of the IoT devices connected to their network so they can be secured. Vulnerability management solutions can be used to detect and map IoT devices and track related security efforts.
What Can Credit Unions Do to Reduce Financial Risk?
Organizations need to make credit union cybersecurity an enterprise risk priority, so it receives attention from senior leadership, beginning with the C-Suite. These leaders can help spread a culture of security and compliance, so risks and threats align with operations and business objectives.
To improve security, you must first know the strengths and weaknesses of your programs. Launch independent assessments of all cybersecurity programs and risk assessment frameworks. Independent reviews and tests are essential because they provide unbiased verification of your security effectiveness.
Once assessments have been completed, rank resources to prioritize the next steps and make critical investments. Maintain complete lists of all internal assets, ensure proper defenses are in place, and constantly apply updates and security patches. Invest in the ability to quickly detect all types of threats and have remediation plans in place.
6 Steps to Reduce Risk
- Prioritize cybersecurity
- Create a culture of security and compliance
- Maintain asset inventory
- Conduct regular systems tests and assessments
- Remediate high-risk weaknesses
- Update software regularly
Your Best Defense
Credit unions need to maintain a vigilant approach, adding new detection mechanisms and conducting ongoing assessments of current cybersecurity operations to ensure they are prepared to act quickly and avoid criminal attacks on their network and members.
Digital Defense helps its clients build a culture of security through innovative vulnerability management solutions and training. For more than 20 years, credit unions have trusted Digital Defense to protect member data, simplify cybersecurity, and prevent cyber attacks.
About the Author
Mieng Lim, Vice President, Product Management, has served as a security expert for Digital Defense, Inc. since 2001. Mieng takes a consultative approach to security, having held prior roles in Operations, Quality Assurance and Sales Engineering. Mieng seamlessly blends technical expertise with real-world scenarios to provide an entertaining and educational cyber security perspective. Mieng serves as a mentor and STEM advocate, encouraging young women to pursue careers in security and technology, and volunteers with BSides San Antonio as a staff member. Mieng holds a Bachelor’s Degree in Computer Science with a Minor in Sociology from Trinity University.