Since the invasion of Ukraine, the U.S. federal government has been monitoring potential increased vulnerabilities for U.S. businesses and infrastructure. So far, the attacks, including denial of service and malware, have been focused on Russia and Ukraine, but due to U.S. sanctions, cyber attacks could turn to the U.S., and credit unions have to be prepared.
The continued warnings of potential cyber attacks, horror stories from organizations that have lost access to data and weren’t fully operational for months, and updates and tips from vendors leave many leaders anxious and lacking clear direction amidst information overload.
How exactly does a credit union begin analyzing its current cyber posture? How can an organization determine the right path to position the organization to be prepared for an attack?
In a recent webinar, our team provided an update on the current threat landscape and ways credit unions can respond and prepare.
According to our CTO, Zachary Hill, companies should anticipate an uptick in the use of breached credentials and compromised accounts, as well as attacks on big companies, particularly those managing infrastructure like power and water.
He reinforces the importance of communication – teams should be conducting tabletop exercises to discuss potential threats, ways to train employees to know who to contact and the steps to take in the event of a breach, and communicating with vendors and core providers to understand how they are monitoring and updating their systems.
Organizations are most often vulnerable to attacks because of human error, so user awareness is critically important, for employees as well as vendors. Our Director of Cybersecurity, Michael Seidelman, shares that malware, email phishing and social engineering are common entry points for attackers.
The easiest way for attackers to get into the organization is through users, so in addition to continuous training, organizations must build a culture that encourages employees to have a skeptical mindset and take cyber seriously.
We encourage credit unions to assess all third-party vendors to understand how they are managing and protecting their tools and systems.
Seidelman also shares that one of the best ways to protect systems is ongoing vulnerability scans and patching, as well as making users aware of potential vulnerabilities. He reinforced that the warnings are not overblown – Russia bankrolled $5B in cash in advance of the invasion of Ukraine in preparation for anticipated sanctions. There is a very real possibility that the U.S. could get involved in full-on cyber warfare.
Our team shares several other ways credit unions can proactively prepare and protect their infrastructure and data:
- Verify and enforce least privilege access
- Maintain awareness of regulatory compliance that will help protect systems
- Update everything – software, mobile devices, tablets, routers, switches, firewalls – these are all access points to networks
- Back up data
The best protection is education. All credit union employees from leadership down should understand the potential vulnerabilities, how attackers access the network, and the steps to take in the event of an attack. Ongoing training is critical. And for those working remotely, leaders should ensure they are updating and monitoring personal devices as well.
Debilitating cyber attacks happen every day. It’s not a matter of “if” but “when,” and credit unions need to remain diligently focused on developing and implementing cybersecurity policies and procedures and on building a strong cyber culture to mitigate risk.
A trusted third-party vendor can act as a threat hunter, monitoring systems and threat intelligence to ensure organizations are protected and able to respond to a breach quickly.
A vendor like Think|Stack can help credit unions better understand their current capabilities, gaps in vulnerabilities, what to analyze and questions to ask. Cybersecurity, understanding the cyber threat landscape, and positioning your organization to be prepared for a future breach are complicated, but a trusted partner can help you navigate the complexity of it all.