The successful dark side ransomware attack in which hackers were able to disrupt a major pipeline providing gas to states throughout the east coast has once again brought the issue of cyber security to the forefront. Here are some of the lessons your credit union can learn from this event:
Don’t forget the basics. These are highly sophisticated attacks that start with very basic mistakes. On Wednesday, the FBI and the CISA issued a joint memorandum. The first three steps it suggested companies take to mitigate the threat of ransomware are to require multi-factor authentication, enable strong spam filters, and implement a user training program and simulated attacks for spear phishing.
Expect insurance costs to spike. The attack comes as regulators and stakeholders debate the best way to deal with ransomware attacks and the role that the insurance should play. This past fall, FINCEN issued guidance warning financial institutions and insurance companies that they might be violating federal law if they help a company facilitate a ransomware payment. In addition, New York State’s Department of Financial Services recently reached a multi-million dollar settlementwith an insurance company for violating the state’s cyber security regulations. The settlement has gotten the attention of the legal community since it included a stipulation that insurance proceeds would not be used to pay the settlement.
continue reading »