Newsroom

October is National Cybersecurity Awareness Month. NAFCU closely follows cybersecurity issues to keep credit unions informed of threats and compliance resources, and continues to be a leader in calling for national data security and privacy standards. For those short on time, here's a roundup of recently-released reports to ensure your institution is aware of and prepared for cybersecurity threats.

Payment security falters

Verizon's 2020 Payment Security Report found declining compliance with the Payment Card Industry Data Security Standard (PCI DSS), which applies to all entities that store, process, and transmit payment card data. The report also revealed that financial gain is the primary reason behind 86 percent of data breaches, with 99 percent of the retail industry's cybercrime incidents being financially motivated. In addition, retail breaches are now more likely to happen via web applications, rather than point-of-sale devices.

NAFCU last year released a white paper outlining principles for data privacy, which include a comprehensive national data security standard for all entities that collect and store consumer information to ensure merchants and retailers are held accountable for data breaches. Survey findings included in the association's report found that 82 percent of credit union respondents were impacted by a local merchant breach in the previous two years.

IT professionals raise concerns

A new survey from Pulse Secure of 325 IT and cybersecurity professionals across various industries revealed that 56 percent fear their organization could face a compromise in the next year. Reflecting on the past 12 months, 72 percent said they saw an increase in security incidents as remote work increased. The top security issues: malware, insecure network and remote access, compromised credentials, and compromised endpoints. The report includes several ways to improve an organization's security, including increasing employee awareness through training, monitoring devices for malicious activity, and blocking at-risk network or cloud resource access.

Ransomware attacks rise

During the third quarter, daily ransomware attacks in the U.S. nearly doubled compared to the first half of 2020, according to research from Check Point. The software company indicated that the coronavirus pandemic's impact on business structures – with many companies moving to remote work settings – left vulnerable gaps in IT systems. It also highlighted the rise in cybercriminals' "double extortion" tactic.

The Financial Crimes Enforcement Network (FinCEN) last week issued an advisory to financial institutions warning of increased ransomware attacks and related money laundering activities.

Fed's cybersecurity could use a boost

The Federal Reserve's Office of Inspector General (OIG) says the central bank can strengthen its cybersecurity for the Large Institution Supervision Coordinating Committee (LISCC), which oversees the U.S.'s largest and most systemically important financial institutions. The OIG report found that examiners have difficulty obtaining cybersecurity training, potentially hindering efforts to identify and address cybersecurity incidents. It outlined 10 recommendations to enhance the Fed and LISCC's cybersecurity supervision.

NAFCU here to help

As NAFCU continues to fight for national data security and privacy standards, the association is working to ensure credit unions have access to the resources they need to stay on top of cybersecurity issues. NAFCU's newest member-only network – the Cybersecurity & IT Network – aims to bring industry professionals together to connect on ways to better protect members' financial data and strengthen systems. Latest discussion posts cover Security Information and Event Management (SIEM) solutions, cybersecurity service providers, and best practices for Chief Information Officers.

Register now to join a NAFCU Network, or email info@nafcu.org for assistance. Representatives from NAFCU-member credit unions may use their NAFCU website login to access the network.