They carry names such as WannaCry, Petya, SamSam, Industroyer and GhostHook, not wrestlers or hurricanes, but malware threatening systems everywhere. Are credit unions fearful enough and how can they protect themselves?
CU Times asked some experts how credit unions can strategize against the seemingly constant barrage of bad cybersecurity news brought on by breaches, hacking, ransomware, phishing, and account takeovers, among other things.
Cybersecurity is complex. “The business risk associated with cybersecurity gets heightened to the point where it is not just a cybersecurity problem, not just a fraud problem, it’s a top of mind, C-level kind of problem. Brand risk has risen significantly based on cyberattacks.” John Horn, director for SecureNow, Fiserv’s integrated cybersecurity services, said. Horn advised a credit union can avert attacks if they have a strategy.
Vijay Basani, co-founder, president, and CEO of Boston-based cybersecurity firm EiQ, maintained. “Credit unions are easy targets for hackers focused on financial fraud.” Basani added a credit union without proper cybersecurity defenses is not only easy low hanging fruit for fraudsters but could find itself considerably harmed as an organization.
“First you must have a strategy,” Stefan Ionescu, CTO and VP of product development for Islandia, N.Y.-based loan origination provider Teledata Communications Inc., said. He warned if credit unions shop for a solitary product or a silver-bullet solution they have already lost the fight. “There is no one single product that will be the answer.”
Brian Soldato, senior director, product management for Austin, Texas-based cybersecurity firm NSS Labs, noted even the most inclusive cybersecurity strategy will likely fall short. “It will be a continual battle to stay ahead of breaches for financial institutions but they shouldn’t panic in the wake of news of breaches.”
“Knowledge is power when it comes to dealing with emergency issues that the credit union sees either in the media or in releases by cybersecurity firms.” Tom DeSot, EVP, chief information officer for San Antonio, Texas-based cybersecurity firm Digital Defense, said.
“First and foremost, credit unions need to have completed an enterprise risk assessment so that they understand what data is most important to them and what systems store, process, or transmit that data,” DeSot explained. Additionally, instituting a holistic vulnerability assessment program also helps impart critical information about the credit union’s network to both the IT and InfoSec teams.
See the full story in the print edition of CUTimes on July 12.
