Bill Nelson, president/CEO of the Financial Services Information Sharing and Analysis Center, delivered the opening keynote for the CU Times’ virtual cybersecurity conference, Defending Your Credit Union Against Data Breaches.
Nelson provided a primer on the cyberthreats to credit unions and the benefits of collaborative information sharing including regulators who place value on collaboration. He described online libraries, which are available to cybercriminals and how some of these forums have tens of thousands of users buying and selling spamming services.
The evolution of currents threats includes phishing, spear phishing, drive by downloads, fake antivirus software, DDoS attacks, webinjects, account takeovers, and destructive malware. Nelson explained many of them are the result of crossover or a connection between organized crime, state sponsored espionage, and businesses.
Nelson covered the evolution of the threat landscape, anatomy of attacks, threat profiles mitigation, the role of information sharing, risk management, and security tactics, techniques and procedures
“Fraudsters attack the weakest point: the user and the supply chain,” Nelson said. “Adversaries frequently prefer data mining through a host.”
In 1999, a group of financial institutions dedicated to communicating the latest cyber threats, vulnerabilities and incidents formed the Financial Services Information Sharing and Analysis Center (FS-ISAC).
FS-ISAC is a nonprofit association dedicated to protecting financial services firms from physical and cyberattacks through information sharing and analysis of those threats. Nelson will address progress in global information sharing, attacks thwarted and the continuous work that lies ahead to prevent, detect and respond to emerging threats.
FS-ISAC, which provides alerts about cyber incidents, collective intelligence, cyberthreats, and announcements, has more than 7,000 member institutions. FS-ISAC has grown rapidly in the last two years, adding more than 3,200 members since January 2014. This is largely due to the efforts of the FFIEC and the NCUA, which have recommended membership to the credit unions and banks that they regulate.
Credit unions can join FS-ISAC directly by logging into fsisac.com and setting up memberships. Once a credit union joins, they can start receiving alerts and sign up to share information by joining various groups such as the Community Institution Council or Cyber Intelligence email distribution lists.
