October 08, 2019

3 things to know during cybersecurity month

cybersecurityCybersecurity is a top concern for the credit union industry year-round, but the issue receives special focus in October, which is recognized as National Cybersecurity Awareness Month. Here are three things credit unions should be aware of to help the industry effectively prepare for and address cyber threats.

1.      FBI warns of high-impact ransomware attacks. The FBI last week released a new public service announcement (PSA) to alert U.S. businesses and organizations to high-impact ransomware attacks. Barracuda – a security and data protection solutions firm – released new data in August that showed more than 70 state and local governments had suffered such attacks so far in 2019.

The FBI, in the PSA, explained that "ransomware is a form of malware that encrypts files on a victim's computer or server, making them unusable. Cyber criminals demand a ransom in exchange for providing a key to decrypt the victims files." 

The agency warned that these attacks "are becoming more targeted, sophisticated, and costly." The announcement included further details of how ransomware works, how businesses affected by an attack should respond, ways to protect an institution from ransomware attacks, and 12 best practices for cyber defense.

2.      Growth in merchants' security spending falls as data breaches rise. A recent study from Thales Esecurity found that more than a third of U.S. retailers have experienced a data breach in the past year; however, only 62 percent of retailers said they were increasing their security spending this year, compared to 84 percent who said the same last year.

The report detailed a number of concerns with retailers investing in new technologies to disrupt the market, including cloud services, that leave data vulnerable. NAFCU consistently advocates for national data and cybersecurity standards on Capitol Hill, which the association believes should hold retailers the same level of protections for consumer data as financial institutions.

3.      Cyber threats credit unions should look out for. In addition to ransomware attacks, there are a number of other threats that could hack credit unions' systems and gain access to sensitive information.

One of the top threats is business email compromise (BEC) schemes. In a risk alert sent in August, the NCUA flagged for credit unions the rise of email fraud and offered tips to prevent it. Last month, the Department of Justice announced that $3.7 million had been seized and 281 had been arrested in a coordinated BEC operation.

A number of other threats are detailed in an article from Wired, including rogue USB drives. As a data storage device used commonly in business, these sticks can contain viruses or programming to take over a computer once plugged in. See what other threats made the list.

The NCUA is using October to remind credit unions to stay vigilant of cybersecurity issues and has a number of tips and resources available. As a leader in calling for national data security standards, NAFCU also has myriad resources available to ensure credit unions can effectively identify and address cybersecurity concerns.