Data Breach Risks to Banks and Credit Unions
February 15th, 2017
New guidelines for credit unions have recently been released by the NCUA (National Credit Union Administration) including a focus on “Cyber-security, Insider Threat and Security Clearance Reform, Open Data, and People and Culture.” When you look at the priorities, and include advancing technology paired with the needs of having more consumer-friendly applications while still meeting regulatory needs, credit unions must balance the basics with moving toward advanced security concepts to be the most secure.
Threat Credit Unions Face – And How To Combat Them
When you break down the large threats that credit unions face, several consistent themes emerge:
- Phishing will be one of the first points of entry to compromise any system or data
- Denial of service attacks will continue to threaten to knock companies offline, especially when they have internet-facing or mobile applications
- Data Sharing and Privacy will have increased scrutiny, disclosure laws will become more draconian, and disclosure must happen more often and quicker
Unless your security posture is already strong enough to combat these threats, continuing to work on controls that meet the goals, and then delivering tools that enforce the controls, is key. Consider the following:
- Remove access to privileges and paths to the data where the people don’t need it. You can do this with privileged access management, network segmentation, and general user role maintenance.
- Patch everything where you can. Most attacks happen when a vulnerability is more than one year old. If you at least get this far, you can remove a large number of paths to entry where data can leak.
- Find your data and start by protecting the major repositories of data first. Build outward as you find other copies of your data. Don’t forget sometimes the best path is to delete the data where it doesn’t belong.
A layered security approach within an environment and within cloud practices will continue to drive the set of cyber-security controls needed by credit unions going forward. By taking some basic steps you can have good hygiene. As horrible as it sounds, sometimes the best security is to make it hard enough to break in that the attacker moves on to the next guy.