4 ways cyber criminals are attacking your data
The 2016 Data Breach Investigation Report, released by Verizon, reports that the financial industry was victim of 1,368 security incidents and 795 confirmed data breaches during the previous year. They define “incident” as a security event that compromises the integrity, confidentiality or availability of information, while a “breach” means there was confirmed disclosure of data to an unauthorized party.
To keep your credit union safe from data security attacks, it’s important to understand the tactics that cyber criminals are using to exploit your servers, your systems, and your members.
According to the Verizon report, compromised financial apps are the leading cause of cyber breaches, responsible for nearly half of the cyber attacks on financial institutions. Apps are often attacked through backdoor code exploits. Here a cybercriminal will upload a piece of code to a server allowing them access to that server. From there this unauthorized user can execute other malicious code which escalates his power on the server until he can essentially operate the server as if it were his own, gaining access to protected data. A single app can have thousands of legitimate users, making it difficult and time consuming to track down the origins of the attack.
Denial of Service Attacks
A DoS attack uses a rush of activity on a server in an attempt to shut down or disrupt service. They are often used by cyber criminal as a distraction, keeping an I/T team occupied in fixing one problem while they install malware as a means of accessing secure data.
Phishing is a type of cyber criminal activity that you are probably already familiar with. In a phishing expedition, cybercriminals send out an email or other communication impersonating someone else in an attempt to get their hands on information (passwords, client information, or personal information) or to prompt the victim to unknowingly install malware.
Phishing activity usually does not target a specific person or organization as a victim, instead it is working to reach has many victims as possible. However, an offshoot called Spear-Phishing does just the opposite, targeting individuals or a small group of people.
In Verizon’s report, 916 confirmed data breaches were caused by phishing. The report also showed that 30% of phishing emails are opened and 13% of malicious links or attachments are clicked.
Password attacks use brute force to gain access to protected information. Cyber criminals use bots to barrage administrator accounts with a series of common usernames and passwords in an attempt to find a match. Sixty-three percent of confirmed data breaches in 2015 involved weak, default, or stolen passwords. Strong passwords and a consistent schedule of setting new passwords will help to eliminate this type of threat.
What actions have you taken to protect your credit union from cyber attacks?