The average cost of a cyberattack in the financial industry is between $4 – $6 million, making it a profitable matter of interest for hackers all over the world. The National Credit Union Administration (NCUA) Board held a webcast in April 2021 about the kinds of emerging threats the industry is seeing and how credit unions can prepare for them.
During the discussion, Chairman Todd Harper said, “Like my fellow Board Members, I am deeply concerned about the risk cyberattacks pose to our financial system.” In this post, we’ll look at how attacks work and what can be done to mitigate them.
The Business of Ransomware
Ransomware has become so profitable that it’s far more like a legitimate business than most people realize. From job postings on the dark web to pyramid schemes for the developers, it’s a mirror of many corporations today.
With all the effort being poured into the enterprise, it’s become that much more sophisticated. In the past, we might have thought of a hack as a single extortion. For instance, data is encrypted and a credit union pays to unlock the data.
Now though, you’re more likely to see double, or even even triple extortion. For double extortion, a hacker might ask a credit union to pay once to unlock the data and then pay again to prevent its release. With triple extortion, the hacker might ask for an additional payment to send direct messages to customers about the business’ poor security defenses. Considering credit unions of all sizes host incredibly valuable information, they’re a huge target for hackers today.
3 Common Attack Vectors
Here are the most common ways that hackers are likely to target a credit union:
- Phishing emails: AKA social engineering, this form of attack is cost-effective. It relies on the idle habits of people opening emails that were designed to seem legitimate.
- Bad links: Usually a subset of phishing, bad links are unfortunately easy to click. Much like the email that looks like it came from a coworker, they may look entirely harmless until the last second.
- Vulnerability exploitation: This seems to be the method of choice for major breaches in the news. These vulnerabilities can hide deep in your security system. It just takes the right hacker to spot them.
6 Layers of Cybersecurity Defense
Unfortunately, there is no such thing as total protection. However, these layers can do plenty to greatly reduce the odds of a successful attack and mitigate the spread and damage if one does occur.
- Patch vulnerabilities: By far the most important piece of advice: continuous scanning, monitoring, and patching helps credit unions strengthen their defenses.
- Advanced endpoint protection: Known for standardizing security controls, monitoring behaviors in your endpoint environment can both slow down and thwart attacks entirely.
- Endpoint isolation: This layer isolates an infected endpoint, making it possible to stop the spread and still preserve forensic evidence after an attack.
- Automated backups: Ransomware can (and is designed to) jump to and target your backups, so it’s important to automate them and not keep them all in the same place.
- SOC/Monitoring: Having the best tools doesn’t mean much if no one is monitoring them. From alerts to analysis, credit unions can rely on this layer for early threat identification and to help them adjust their methodology as time goes by.
- Security awareness training: Most attacks occur due to human error, which is why teaching, testing, and training employees goes a long way to preventing and mitigating attacks.
Hackers aren’t stopping any time soon, but these are some actionable steps credit unions can take towards preventing and stemming attacks. The most important factors here are knowledge and action. For networks to be protected, they need continuous oversight that adapts as fast as the hackers do.
How confident are you in your credit union’s cybersecurity posture? Take our quick cyber posture assessment today to receive personalized insights and recommendations from our experts.