How credit unions can stay ahead of the evolving threat landscape
In the film All the President’s Men, which dramatized the Watergate scandal that brought down the Nixon administration, the line “follow the money” described the fastest way to get to the bottom of an illegal scheme. The phrase has grown in popularity over the years and applies just as well to understanding the where and why of most cyber attacks. Not every cyber threat is financially motivated, but our research and common sense both tell us that the large majority of attacks carry some form of monetary incentive; it follows that the places that hold the money are on the front lines of cyber defense.
Because of this, financial institutions of all shapes and sizes must demand superior quality of service and security protocols. But in many ways, credit unions present the most distinctive security challenges and vulnerabilities. The recent SilverSky Financial Institution Threat Report analyzed security incidents experienced by 925 financial institutions in the second half of 2013. A midsized credit union was the customer with the most security incidents in that period, and more than half (60 percent) of our ten most compromised institutions were credit unions. That raises the obvious question: why are credit unions experiencing a disproportionate share of security incidents compared to other financial institutions?
To determine the prevalence and severity of threats, SilverSky Labs analysts reviewed 70,000 potential incidents over the six-month period covered by the report. In the second half of 2013, SilverSky processed 90 billion raw events, documented 1.9 million security alerts and identified those 70,000 potential incidents, which in turn yielded 1,556 likely and confirmed compromises across 390 organizations. Incidents were categorized as low, medium or high severity. The majority were information-gathering or reconnaissance activity (low severity); a small number were likely or confirmed system compromises (medium and high severity). The threat report focuses entirely on these medium- and high-severity incidents.
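The funnel described above (raw events folded into alerts, alerts into incidents, incidents rated by severity) is easiest to understand as a small program. The following is an added example written for this article, not SilverSky's analysis pipeline: it parses a handful of constructed firewall and sshd log lines, keeps per-source state, and emits at most one incident per source, rating port probing low, a run of failed logins medium, and a successful login that follows such a run high. The log formats, the thresholds `SCAN_PORTS` and `BRUTE_FAILS`, the host names and the IP addresses are all assumptions made for the demonstration.

```python
"""Event-to-incident triage over constructed log lines.

Added example for this article; it is not SilverSky's analysis pipeline.
The log formats, thresholds, host names and IP addresses are assumptions
made for illustration (addresses come from the documentation ranges).
"""
import re
from collections import defaultdict

# Constructed sample events: a firewall port-scan alert format and
# OpenSSH-style auth messages, already in time order. The last line is
# deliberately unparseable to show that noise is dropped, not counted.
SAMPLE_EVENTS = [
    "2013-09-01T02:00:01 fw1 SCAN src=203.0.113.9 dst=192.0.2.10 dport=22",
    "2013-09-01T02:00:02 fw1 SCAN src=203.0.113.9 dst=192.0.2.10 dport=23",
    "2013-09-01T02:00:03 fw1 SCAN src=203.0.113.9 dst=192.0.2.10 dport=443",
    "2013-09-01T02:01:00 fw1 SCAN src=192.0.2.77 dst=192.0.2.10 dport=21",
    "2013-09-01T02:01:01 fw1 SCAN src=192.0.2.77 dst=192.0.2.10 dport=22",
    "2013-09-01T02:01:02 fw1 SCAN src=192.0.2.77 dst=192.0.2.10 dport=3389",
    "2013-09-01T02:05:10 srv1 sshd[911]: Failed password for admin from 203.0.113.9 port 40001 ssh2",
    "2013-09-01T02:05:12 srv1 sshd[912]: Failed password for admin from 203.0.113.9 port 40002 ssh2",
    "2013-09-01T02:05:14 srv1 sshd[913]: Failed password for admin from 203.0.113.9 port 40003 ssh2",
    "2013-09-01T02:05:16 srv1 sshd[914]: Failed password for admin from 203.0.113.9 port 40004 ssh2",
    "2013-09-01T02:05:18 srv1 sshd[915]: Failed password for admin from 203.0.113.9 port 40005 ssh2",
    "2013-09-01T02:05:40 srv1 sshd[916]: Accepted password for admin from 203.0.113.9 port 40006 ssh2",
    "2013-09-01T02:06:00 srv1 sshd[920]: Failed password for root from 198.51.100.7 port 50001 ssh2",
    "2013-09-01T02:06:02 srv1 sshd[921]: Failed password for root from 198.51.100.7 port 50002 ssh2",
    "2013-09-01T02:06:04 srv1 sshd[922]: Failed password for root from 198.51.100.7 port 50003 ssh2",
    "2013-09-01T02:06:06 srv1 sshd[923]: Failed password for root from 198.51.100.7 port 50004 ssh2",
    "2013-09-01T02:06:08 srv1 sshd[924]: Failed password for root from 198.51.100.7 port 50005 ssh2",
    "2013-09-01T02:07:00 srv1 sshd[930]: Failed password for alice from 192.0.2.50 port 60001 ssh2",
    "2013-09-01T02:07:05 srv1 sshd[931]: Accepted password for alice from 192.0.2.50 port 60002 ssh2",
    "2013-09-01T02:07:09 srv1 kernel: eth0: link is up",
]

SCAN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) SCAN src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)$"
)
SSH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+ ssh2$"
)

SCAN_PORTS = 3   # distinct ports probed by one source before calling it reconnaissance
BRUTE_FAILS = 5  # failed logins from one source before calling it brute force
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


def parse_event(line):
    """Return a dict for a recognised line, or None for anything else."""
    for kind, rx in (("scan", SCAN_RE), ("ssh", SSH_RE)):
        m = rx.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = kind
            return ev
    return None


def triage(lines):
    """Fold events into per-source state, then emit at most one incident per source."""
    state = defaultdict(lambda: {"ports": set(), "fails": 0, "compromised": None})
    parsed = 0
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        parsed += 1
        s = state[ev["src"]]
        if ev["kind"] == "scan":
            s["ports"].add(ev["dport"])
        elif ev["result"] == "Failed":
            s["fails"] += 1
        elif s["fails"] >= BRUTE_FAILS:
            # A successful login from a source that was just brute-forcing us:
            # context turns two routine alerts into a likely compromise.
            s["compromised"] = (ev["user"], ev["host"])
        # An Accepted login with only a few prior failures is ordinary user behaviour.

    incidents = []
    for src, s in state.items():
        if s["compromised"]:
            user, host = s["compromised"]
            incidents.append({"src": src, "severity": "high", "category": "likely compromise",
                              "detail": f"{user}@{host} accepted after {s['fails']} failures"})
        elif s["fails"] >= BRUTE_FAILS:
            incidents.append({"src": src, "severity": "medium", "category": "brute force",
                              "detail": f"{s['fails']} failed logins, no success"})
        elif len(s["ports"]) >= SCAN_PORTS:
            incidents.append({"src": src, "severity": "low", "category": "reconnaissance",
                              "detail": f"{len(s['ports'])} ports probed"})
    incidents.sort(key=lambda i: SEVERITY_RANK[i["severity"]], reverse=True)
    funnel = {"raw_events": len(lines), "parsed": parsed,
              "sources": len(state), "incidents": len(incidents)}
    return funnel, incidents


def actionable(incidents):
    """The medium- and high-severity subset an analyst should actually work."""
    return [i for i in incidents if i["severity"] != "low"]


if __name__ == "__main__":
    funnel, incidents = triage(SAMPLE_EVENTS)
    print(funnel)
    for inc in incidents:
        print(inc["severity"], inc["category"], inc["src"], inc["detail"])
```

The point of the example is the last branch in `triage`: neither a port scan nor a burst of failed logins is interesting on its own, but a success from the same source immediately after the failures is, and only state kept across events can see that. Real pipelines add time windows and allow-lists, which this example omits.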
The financial services industry is one of the most security-conscious industries, if not the most, and it needs to be: year after year it is the most heavily targeted for cyber attacks. In 2013, we found Trojans were once again the top threat category facing financial customers; however, consistency is rare in the ever-evolving security world. More than half (60 percent) of the threats on our “top 10” list were new this year, which tells us that attackers and their tools are continually evolving to stay a step ahead of our defenses. Greater sophistication, better organization and nation-state funding of criminal organizations have increased threat diversity. The result is a stretched security field in which the ready availability of new attack tools makes the threat environment more unpredictable than ever before.
Forty-two percent of our financial institution customers had at least one security incident in the second half of 2013, down from 47 percent in the first half. About four percent of institutions had more than 10 incidents, and a single credit union experienced the most: 42 in total. This indicates that attacks on credit unions continue to succeed at a higher rate than attacks on comparably sized financial services organizations. To me this points to a breakdown in security practice: attackers view credit unions as an easier mark than other organizations in the industry, often because credit unions have fewer security resources to install patches, update software and anti-virus to current versions, or investigate potential breach points and vulnerabilities.
How is a credit union to defend itself in this ever-growing, ever-evolving threat landscape? To protect PCs, multi-layered defenses (firewalls, web security, anti-virus, targeted attack prevention for email, and so on) are essential. Ensure that employees observe best practices, including avoiding suspicious emails and “phishing” links. Users and employees always have been, and will continue to be, the weakest link in the organizational security chain. I am not suggesting malicious intent on their part, but their failure to follow the security protocols established by the IT or security department can have widespread effects within a credit union or other financial institution, and those effects can go unchecked for days, weeks or longer, depending on the sophistication of the threat and the organization’s ability to detect it. We issued a report on employees’ email habits last year, comparing their perceptions with the realities of their practices, and the results were startling in terms of how vulnerable their behavior left the organization.
To protect servers and networks, consider investing in a host-based intrusion detection system (HIDS) for your servers, enforce very strong production server passwords and scan your systems regularly. Keep all software up to date, and disable or remove all unused services. Of course, tools and procedures are useless without a highly skilled, highly trained security event detection and response staff. Today’s threats are engineered to fool monitoring software and to look like regular files traversing the network. Patterns will emerge, and it is important to have the expertise to put context around the data. Companies lacking the budget or expertise should consider outsourcing this function.
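The most concrete piece of the HIDS recommendation above is file-integrity monitoring: record what every file on a production server looks like, then keep checking whether that has changed. The following is an added example written for this article, not the code of any product mentioned on the page. It builds a baseline of SHA-256 hashes and permission bits, stores it as JSON, and diffs a later snapshot against it. The `demo()` scenario is constructed: the "attacker" swaps a binary for one of the same size and puts the original modification time back, which is exactly the kind of change that looks like a regular file to anything checking only names, sizes or timestamps. The directory layout and file contents are assumptions.

```python
"""File-integrity monitoring, the core function of a host-based IDS.

Added example for this article; it is not the code of any product mentioned
on the page. The directory tree, file contents and the "attacker" actions in
demo() are constructed for the demonstration.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative, '/'-separated) to its hash and mode."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # the link target is hashed under its own path if it is under root
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.stat(full)
            baseline[rel] = {"sha256": sha256_file(full), "mode": oct(st.st_mode & 0o7777)}
    return baseline


def compare(baseline, current):
    """Diff two snapshots; content is judged by hash, so timestamps cannot hide a change."""
    old, new = set(baseline), set(current)
    both = old & new
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in both if baseline[p]["sha256"] != current[p]["sha256"]),
        "mode_changed": sorted(p for p in both if baseline[p]["mode"] != current[p]["mode"]),
    }


def save_baseline(baseline, path):
    # Keep the baseline off the monitored host, or sign it: an attacker who can
    # rewrite the baseline can hide any change from this check.
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def demo():
    """Constructed scenario: trojaned binary with mtime restored, a dropped file, a deletion."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        files = {
            "bin/sshd": b"original sshd binary (constructed)",
            "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
            "etc/motd": b"Welcome to srv1\n",
        }
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        baseline_path = os.path.join(store, "baseline.json")
        save_baseline(build_baseline(root), baseline_path)

        # "Attacker": replace the binary with one of identical size, restore the
        # original mtime, drop a new file and remove a file.
        target = os.path.join(root, "bin", "sshd")
        st = os.stat(target)
        with open(target, "wb") as f:
            f.write(b"trojaned sshd binary (constructed)")
        os.utime(target, (st.st_atime, st.st_mtime))
        dropper = os.path.join(root, "tmp", ".dropper")
        os.makedirs(os.path.dirname(dropper))
        with open(dropper, "wb") as f:
            f.write(b"#!/bin/sh\n")
        os.remove(os.path.join(root, "etc", "motd"))

        return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13} {paths}")
```

Run on a real server the same way: build and store the baseline right after a known-good install or patch cycle, rebuild it after every approved change, and alert on any diff in between. The `mode_changed` bucket is there because a file that silently gains the setuid bit is as important as one whose contents change.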
Prevention tactics are not a failsafe. Create and test your response plan; always assume your organization will be breached, and ensure you can respond quickly and effectively to compromises in a way that minimizes residual risk. Does your team have the tools and talent it needs to protect your organization, and to respond effectively when disaster strikes?