8 lessons credit unions should learn from 2014 data breaches

by: Matt Wilhelm

I am the youngest in my family.  Eternally my mother’s baby.  Whenever I messed up in school or around the house, my mother would kindly say to me “Well, honey, you learn from your mistakes.”  Of course this infuriated my two older brothers, who would not always get the same gentle treatment when they forgot to turn in homework, or broke curfew.  My guess is most of you can either see my side of this story, or completely empathize with my brothers, depending on where you fall in your sibling lineup.

I read an article yesterday from our friends at FLEX entitled “8 Lessons Credit Unions Should Learn from 2014 Data Breaches” and it got me to thinking about my mother’s wise words. We hear about data breaches constantly, whether it be from big box retailers or uber-sized financial institutions.  What is not always being broadcasted on national media are the countless smaller breaches and attacks: The times a credit union’s computers got a malicious malware that encrypted all their data, or when an employee got a PC stolen that had member sensitive information on it.

Investigations of the major data breaches of 2014  have involved about 927 million consumer records. It is time we look at these breaches, and learn from our mistakes.

Here are the 8 Lessons that Credit Unions should learn from the recent breaches:

  1. Hackers have become better organized:  According to a recent Rand report, 80% of hackers were freelancers, and 20% were part of larger organizations, 10 years ago; today that ratio is reversed.  Many of these organizations look like typical businesses with a normal corporate infrastructure.  Sometimes the hackers work together at the same location, and other times they are just emailing back and forth across great distances, but all are working toward a common goal. Often they are tied to traditional criminal organizations.
continue reading »