Cybersecurity is an industry responsibility

Ransomware has dominated recent headlines.

Many government systems, businesses and schools have been affected.

As a company based in Baltimore who serves the CU industry, we are all too familiar with the impact Ransomware has had on Baltimore City and now reports are saying CUNA has been a victim of an attack. What we have learned, is that ransomware can be crippling. Ransomware can shut down operations, it can be used to exfiltrate data but the biggest impact can be felt in the loss of business control and reputation.

Our team has been deployed during ransomware events and we have first-hand knowledge of what it feels like to live through it.

In a word…. Helpless.

Imagine walking to your building tomorrow and finding the doors locked, then imagine that you can’t open them unless you pay, then you have no idea if the door will open, what they may have done to your office when inside or even if they are gone for good after you clean up!

It’s not good and many organizations never recover.

Another disturbing trend we have seen, is that the hackers will target industries strategically. If the reports we are seeing proved to be correct, hitting CUNA could signal the beginning of a targeted approach. This will not include just CU’s but all of our industry’s partners – the whole ecosystem.

What can you do?

Here is the good news about ransomware – It is one of the more avoidable threats, if you can do the fundamentals well, you can put protections in place.

There are many advanced defense strategies and tools but make sure you are doing the basics first, here is a quick list that you can use to make sure your CU is protected:

1. Patching and updating. Most of the recent ransomware threats have leveraged Microsoft OS vulnerabilities. This highlights the criticality of consistent updating of your network systems. This includes all operating systems, third party software, and network devices. This should happen daily or weekly and you should have reports that prove the updates were applied correctly. Use monthly vulnerability scanning as a check and balance.
2. Network architecture. The specific architecture for each network will vary, but some principles you should look for include: network segmentation and least privileged access and resiliency. Ask your team how well provisioned those principles are in your network.
3. Security tools. While some advanced tools exist, at a minimum make sure you have next generation antivirus, anti-malware, UTM firewalls, behavior analytics and SEIM in place.
4. Backup and recovery. This is the best way to combat ransomware. Ensure that your backups are sent offsite, off network and make sure you have a recovery solution that can launch and run your business operations quickly.
5. Managed detection and response. Have a team or vendor who is providing 24/7 monitoring and detection of your systems. Threats come in many different flavors and no one tool can protect you from everything. Looking for anomalies will help you identify and quarantine potential threats.
6. Vendor management. Understand the scope of your vendors’ cyber programs. Not just to keep your systems and member data safe, but also to ensure they are protected. Imagine if a critical vendor were hit by Ransomware and their systems were down. While it may not impact your systems, it will certainly impact your members.
7. Mapping. Understand what data you have, how you get it, where it’s stored and how it’s used. You can’t govern and protect what you don’t understand. Creating visuals of these business processes and data flows can aid your understanding.
8. Training and testing. Users are still your greatest threat, make sure your users and members are trained what to look for. Then test your systems and people frequently. A cyber event will happen. It’s not preventable, so be prepared to respond.

We are happy to speak with any of the CUInsight community if you have any questions. There’s no commitment or charge. Protecting the CU ecosystem is critical for all of us. Let’s work together to raise our security posture and not let our members be impacted.