Cyberattacks and data breaches have become a regular part of life not just for credit union leaders but for consumers. With October designated as Cybersecurity Awareness Month, CU Journal has dedicated its ongoing monthly special report to this topic. From cyber issues and their impact on core banking providers to the threats that come with a growing Internet of Things and more, this month's coverage has focused on the variety of ways the industry is besieged by new threats and making efforts to stay one step ahead of the problem.
Read on for highlights from this month's special report.
Faster phones, bigger threats
Just a few years from now, 5G technology will enable consumers to utilize faster internet speeds on their mobile devices, allowing for speedier downloads, better streaming and faster online purchasing. As a result, life is likely to get even better for fraudsters. With the onset of more devices connecting to the internet, attacks that were once unimaginable, like hackers stealing data through a fish tank, have become reality. As a result, credit unions will have a harder time defending themselves against cybercriminals.
“We’re trying to move to a more automated approach in identifying threats and pointing out to human beings what to look at,” said Rob Hoyle, chief information officer at the $971 million-asset Credit Union of America in Wichita, Kan. “That will play into the 5G conversation pretty significantly.”
As credit unions and community banks push to innovate, many say they aren't getting the help they want from their core banking providers.
An executive at one of the nation's leading core providers says he understands that frustration, but core providers must also deal with their own cybersecurity issues and other factors.
"I certainly appreciate the frustrations that everybody has," Bruce Lowthers, president of banking solutions at FIS, said in an interview with Credit Union Journal's sister publication, American Banker. "It goes back to that changing expectation of technology and what their clients are looking for."
The National Credit Union Administration has pushed Congress to give it third-party vendor oversight since before Y2K, but with cybersecurity threats on the rise, there are signs the regulator could finally be on the verge of having its wish granted. Lawmakers this month released discussion draft legislation that would expand the agency's oversight powers to better encompass cybersecurity protections. But there's a catch — the X factor that could finally get the regulator the expanded powers it wants may be another federal agency.
From new threats around AI, cloud security, ransomware and more, credit union leaders have plenty to worry about these days. And with 2020 just around the corner, industry leaders are already thinking hard about the technology investments they need to make to ensure their institutions are secure in the next decade.
Multi-factor authentication — a digital process that grants a user access to a system after requesting several credentials — is a fairly common requirement for members to log into their accounts. But its gaining popularity as a requirement for employees, especially those who work remotely. Employees who work offsite or use their own devices tend to be less secure because the credit union usually can't monitor these devices or install security software. Requiring MFA is one way to counteract this increased threat.
“Any remote user is considered a high risk since we’re not in control of their home networks. In our case, our remote users are risky. So they’re going to use MFA or two-factor authentication," said Robert Smith, information security officer at the $748 million-asset Tropical Financial Credit Union in Miramar, Fla.
One recent study finds that financial institutions that fall victim to cyberattacks are likely to spend an average of $1.8 million to rectify the situation. And that's not counting ongoing costs related to keeping up-to-date protections in place, which one industry group pegs at roughly a quarter-million dollars per year.
But with hacks and data breaches a regular part of life now, experts advise that it's not a matter of if a credit union gets attacked but when. Fortunately, there are steps CUs can take to move past the event when it happens. For more, click here.
The McLean, Va.-based company admitted that it failed to file suspicious activity reports even in cases when it knew about criminal charges against specific customers. The misconduct took place in a unit that served check-cashing businesses and was later shut down.
South African bank's approach to chatbots offers lessons for U.S. players; small lenders embrace automation for latest PPP round; flush with capital, Canadian banks eye U.S. acquisitions; and more from this week's most-read stories.