Threat Credit Unions Face – And How To Combat ThemWhen you break down the large threats that credit unions face, several consistent themes emerge:
- Phishing will be one of the first points of entry to compromise any system or data
- Denial of service attacks will continue to threaten to knock companies offline, especially when they have internet-facing or mobile applications
- Data Sharing and Privacy will have increased scrutiny, disclosure laws will become more draconian, and disclosure must happen more often and quicker
- Remove access to privileges and paths to the data where the people don’t need it. You can do this with privileged access management, network segmentation, and general user role maintenance.
- Patch everything where you can. Most attacks happen when a vulnerability is more than one year old. If you at least get this far, you can remove a large number of paths to entry where data can leak.
- Find your data and start by protecting the major repositories of data first. Build outward as you find other copies of your data. Don’t forget sometimes the best path is to delete the data where it doesn’t belong.
Scott Carlson, Technical Fellow
As Technical Fellow, Scott Carlson brings internal technical leadership to BeyondTrust, strategic guidance to our customers, and evangelism to the broader IT security community. He also plays a key role in developing innovative relationships between BeyondTrust and its technical alliance partners. Scott has over 20 years of experience in the banking, education and payment sectors, where his focus areas have included information security, data centers, cloud, virtualization, and systems architecture. He is also a noted thought leader, speaker and contributor to RSA Conference, OpenStack Foundation, Information Week and other industry institutions.
Prior to joining BeyondTrust, Scott served as Director of Information Security Strategy & Integration with PayPal, where he created and executed security strategy for infrastructure across all PayPal properties, including worldwide data centers, office networks, and public cloud deployments. He led several cross-departmental teams to deliver information security strategy, technical architecture, and strategic solutions across enterprise IT environments. As a member of the office of the CISO, CTO and CIO, Scott spoke on behalf of the company at global conferences. In addition, he was responsible for infrastructure budget management, vendor management, and product selection, while also serving as the cloud security strategist for private OpenStack cloud and public cloud (AWS, GCP, Azure). Prior to PayPal, Scott held similar roles with Apollo Education Group and Charles Schwab.