I recently conducted some research on the cybersecurity challenges credit unions are facing and here is what I learned:
Data security breaches are a significant problem for credit
unions because once members begin to question the safety of their personal information,
these financial institutions can incur massive losses before member trust can
be restored. Many consumers have been known to reduce the number of financial
services they’ll put through their credit union following a breach, and some have
been known to leave the credit union entirely.
The National Association of Federal Credit Unions found
that, on average, a data breach costs a credit union just over $225,000. While
credit unions have implemented security measures and devoted resources to
protecting customer data, much like all industries, their measures are failing
to keep up with the ever-increasing sophistication of attempts from hackers to
gain access to credit union members’ personally identifiable information.
Even though federal regulations have been imposed on credit
unions to ensure a basic level of security for member data, these regulations,
even when met, are still falling short of stopping data breaches caused by
malware. Thus, credit unions may be meeting regulations, but are
still not meeting members' security expectations.
With endpoints that can vary from ATM machines to company
laptops to customer and vendor portals, credit unions inadvertently provide
many avenues for a cyberattacker to gain the foothold they need to launch
malware and access databases housing sensitive customer
information like social security numbers, passwords and credit card numbers.
And unfortunately, their own infrastructure is not all these
credit unions have to worry about. As reported in a recent Business Insurance article, when asked what keeps her up at night, Debbie Matz, the head regulator for 6,350 U.S. credit unions, answered: a cyberhacker sneaking in through a credit
union vendor, cracking through to the larger U.S. financial system and wreaking
havoc along the way.
The credit union vendor portals Matz refers to can include a
vendor’s own separate payment processing systems, like point of sale systems,
which also leave credit unions vulnerable no matter how well they secure their
own infrastructure. If a point of sale system endpoint is left unsecured,
credit union members' personal information becomes vulnerable to theft and the
endpoint can be used as an access point to larger systems.
One of the scariest parts of this story is that credit unions across the country are relying on traditional antivirus solutions to protect their infrastructure. These solutions are less than 50% effective at stopping threats, at best, and usually, threats are only identified after they cause damage. The data breaches these solutions don't stop are expensive to repair and also harm brand identity, which can lead to a reduction in revenue and even litigation.
There really is only one solution that can secure a credit
union’s infrastructure as well as protect it from attacks originated at vendor
portals. Credit unions should seek out a solution that uses artificial
intelligence and machine learning to protect every endpoint in their infrastructure
from not only malware that has been identified by antivirus software, but also
malware that has never been seen before. Once their own infrastructure is
secured with this technology, credit unions should insist their vendors do the
same, thus securing their organization completely from over 99% of malware.
While credit unions definitely face some substantial
challenges when it comes to cybersecurity, the technology already exists to
secure their data – they just need to deploy it.
Photo via Pexels
Photo via Pexels
No comments:
Post a Comment