5 minutes
Alarmingly, reports of cyber attacks and data breaches have become almost routine. Sony’s corporate system is breached and shut down. Target, Home Depot and other major retailers inform millions of their customers that their credit card data may have been stolen. Federal agencies, including U.S. Central Command, reveal that their websites and social media accounts have been hacked. And, of course, major financial institutions, such as JPMorgan Chase, have also been the victims of cyber attacks.
The effect of all this on credit unions has been significant. According to Credit Union National Association CEO Jim Nussle, data breaches at retailers in 2014 alone cost credit unions and their members $100 million or more for reimbursement of fraudulent charges and the reissuance of credit cards. Nussle has indicated that cyber security will be one of CUNA’s top issues in 2015 – one it will address directly with Congress.
While in the media it would seem that credit unions themselves have largely avoided high profile cyber attacks directed at their IT systems, most realize they can and must strengthen their IT security defenses beyond the perimeter.
Doing that means more than erecting higher “cyber barriers” aimed at keeping data thieves and attackers out of their IT systems. Rather, it means adopting a governance- and intelligence-led approach that will detect sophisticated data breaches and insider risks originating within credit unions’ own information systems environments. This is necessary to help CUs quickly and effectively manage the financial, reputational, operational, compliance, and strategic impacts these threats pose.
The Risks are Many, and Everywhere
Credit unions are exposed to a variety of cyber risks, threats, and vulnerabilities that can directly impact their performance and their members. These include customer use of mobile devices to conduct credit union business and the use of the Internet by employees. Increasingly we now see cyber-smart criminals and gangs who penetrate the corporation via ever-evolving malware, which navigates around the network to give the attacker greater control of the network and access to even more sensitive information.
Cyber criminals’ infiltration of their target is rapid and covert, meaning their actions typically remain undetected for long periods of time. As a result, credit unions face a repetitive battle in dealing with situations as they appear – and realize what many other institutions have come to conclude: It is essential to have the capability to detect and flag suspicious activity early, from within the system.
Early Threat Detection Essential to Minimize Impact
Detecting threats within a credit union’s firewall, and as they develop, is not easy. Given today’s threat landscape, credit unions face extremely sophisticated intruders who constantly change and refine their methods, as well as rogue insiders who abuse legitimate access rights to manipulate and steal data.
Information-driven cyber intelligence, performed with the help of data analytics software, provides modern, interconnected organizations with a holistic view of threats to their digital networks and devices. It also uncovers high consequence cyber threats and anomalies on the network. This provides the ability to identify and interpret critical information from the readily available network logs that companies generate every day.
Data analytics software identifies security-relevant patterns in an ongoing and timely manner, enabling identification of high-consequence cyber threats and vulnerable areas, informing risk management strategies, and assessing the vulnerability of critical assets and operation on a daily basis. Credit unions can use data analytics to identify anomalous activity early, providing valuable time needed to assess and control a situation. With an early alert, credit unions can plan for the likely consequences of specific types of attacks, and better manage and minimize the risk.
Integral to this process is making data analytics the centerpiece of a multi-step strategy:
- Aggregate data from all sources – A critical component in the fight against cyber attacks is identifying and gathering all of a credit union’s network log data for processing. For example, the Domain Name System log can be used to help detect malware intrusions. Integrating data into a secure common environment also means it is available to multiple IT security staff, who can simultaneously conduct investigations and apply counter-measures more quickly and effectively.
- Utilize data analytics to detect threats and unusual behavior – Data analytics software continually analyzes log, event, user and asset data, enabling quick identification of unusual and previously unknown patterns, advance indicators of compromise and malicious activity within every-changing, massive data volumes. IT security teams are alerted to previously unidentified threats as manifested in anomalous occurrences in the network and devices, as well as reoccurring visits from suspicious IP addresses or malicious domains.
- Be prepared to respond quickly if and when an attack occurs – When an alarm is sounded through data analytics, a credit union must be ready to act quickly to prevent the compromise or loss of critical information. When anomalous activity is uncovered, users have the valuable time needed to assess and control a situation before it causes significant damage. We recommend that a credit union have an incident response plan to help countermeasure attacks and protect business critical data.
Credit union leaders do not have to read the almost daily headlines to appreciate the growing risks posed by cyber attacks and those who perpetrate them. They understand that credit unions should adopt a proactive approach to protecting their systems, processes, data and customers. And they know that it’s not just about building higher and stronger fences to keep out intruders, but detecting the unknown threats that lie hidden within their networks.
Indeed, the adoption of a data analytics-led approach enables cyber-defence strategies to be rapidly employed to prevent operational, financial or reputational damage. Ultimately this protects not only credit unions and their reputations but also, and most importantly, their members.
Craig Richardson is CEO of Wynyard Group, a market leader in risk management and crime fighting software used in investigations and intelligence operations by government agencies and financial organizations.
