As recent breaches in the retail industry have illustrated, today's threat landscape is complicated and evolving. Although financial institutions may not have been the intended targets of these high-profile attacks, many CUs felt the impact. Unexpected consequences, like compromised card replacement and responding to customer service inquiries — add up when 100 million customers are affected. Now, consider the consequences of a direct attack that successfully infiltrates your organization.
In addition to the harm a security breach can cause a CU's bottom line, there are long-lasting reputational effects when customer data is compromised. It is critical to arm your organization with the very best security practices, quality of service and protection protocols to maintain customer confidence.
In our most recent Financial Institution Threat Report, we found advanced targeted attacks are an ongoing concern for credit unions. In fact, according to the report, the financial services customer that experienced the most security incidents in second half of 2013 was a mid-sized credit union, and more than half of the "top 10" most compromised institutions were credit unions.
Trojans stood out as the type of threats most likely to impact a financial institution, but change is the only constant in the world of security. More than half (60%) of the threats identified in the "top 10" list were new to the list in 2013. An increase in threat diversity and the addition of new attack tools means the threat environment is more unpredictable than ever before.
Upping the Security Ante
While there are compliance standards in place to ensure minimum regulatory security requirements are met, credit unions are taking it upon themselves to improve member data protection beyond what is mandated. Organizations that implement managed security services and around-the-clock network monitoring can reduce the costs and complexity of security while easing the compliance burden. Additionally, to help reduce sleepless nights for time-strapped email security administrators, implementing managed e-mail services can further ensure employee and member communications are secure, reliable and compliant.
Beyond adding these services to your roster, how do you stay ahead of the ever-evolving threat landscape? Here are a few key preventive actions to take to defend your organization:
- Protect your PCs — make sure you have a strong multi-layered defense in place via firewalls, web security, anti-virus, targeted attack prevention for email, etc.
- Ensure employees heed security best practices including; avoiding suspicious emails and "phishing" links.
- Protect servers and networks using a server host intrusion detection system (HIDS).
- Enforce strong production server passwords, and scan data points regularly.
- Maintain all software programs and be sure they are up-to-date, and all unused services or programs are disabled or removed.
Implementing prevention best practices is one thing, but without a trained security event detection and response staff to monitor threats, things may still slip through the cracks. While the targeted attack landscape has become more complex, so have the solutions to defend against it. Be sure your security team is constantly reviewing threats and available protections to keep up on the latest and greatest ways to defend against them. If your company is lacking in budget or expertise to manage security programs and protocols, consider outsourcing this function.
In today's volatile cybersecurity threat landscape, it is usually not a matter of if, but when your organization will come under attack. Implement and test a detailed response plan of attack if your organization experiences a breach. If you go into battle with a strong threat prevention plan, you can quickly and effectively isolate the problem and respond to compromises with minimal residual risk.
Mike Flouton is vice president of product marketing at SilverSky, a cloud-based information services security firm based in Milford, Conn.
