The FLEX Connexion Blog

5 Ways Credit Unions Can Fight Malware

Written by Preston Packer | Aug 30, 2016



The credit union industry has long been a target of cyber criminals, but in recent years, it's the smaller credit unions that have come under the greatest number of attacks. Smaller credit unions and banks (less than $35 million in assets) accounted for 81% of hacking and malware breaches in the financial industry during the first six months of 2016, a 54% increase over 2015.1 Malware is a broad term used to describe all sorts of malicious software including viruses, spyware, trojans, worms, and more.  It is up to credit unions to stop this trend by putting into place measures that thwart these attacks. Here are 5 implementations credit unions should consider to protect themselves from malware:

  1. Web Filtering: This is commonly the first line of defense against web-based attacks. Malicious or hacked websites, a primary vector for initiating attacks, trigger downloads of malware, spyware, or risky content.  A good web filtering service will block risky sites, as well as prevent malware downloads from hacked websites.2  While web filtering is important, it is not enough to detect all types of malware or block silent attacks of deployment malware in corporate environments.

  2. Firewalls: General firewall protection blocks unauthorized access at the server level while permitting outward communication. They act as a filter between your network and the internet and are a great level of defense. However, firewalls do come with their own set of complications.  Many financial institutions struggle to find an equilibrium in their firewall configurations that allows for a functional and open work environment while still blocking all malicious traffic.

  3. Anti-Virus Solutions: A virus is a type of malware code that copies itself in order to do damage to computers on your network by corrupting or destroying data. So anti-virus software will protect your workstations from viruses, but historically, not from all types of malware.  Most modern solutions have grown to include other types of malware in their protection offering, but keep the naming convention anti-virus because of consumer familiarity with the term.  One major shortcoming of anti-virus solutions is they are are only as good as the last known attack. In other words, no matter how fast anti-virus vendors react, it is a reactionary product where the illness comes before the cure... a network or PC somewhere will be patient zero.

  4. Intrusion Prevention: An Intrusion Prevention System (IPS), most commonly paired with Intrusion Detection and referred to as Intrusion Detection and Prevention Systems (IDPS), reside on your network and monitor network and system activities for malicious activity.  They do no replace your anti-virus solution, rather, work hand-in-hand with it, seeking anomalies in network activity and taking an action before they enter your network.  Examiners are increasingly asking credit unions about their plans for IDPS as they generally see this as the next level of protection modern networks need.

  5. Social Engineering Awareness: The next level of tactic that cyber criminals employ is social engineering.  This is the psychological manipulation of your credit union employees - basically tricking them - into giving out sensitive user information or access into your systems.  The best line of defense for this is end-user education. "Credit Unions must provide staff with annual training on their information security program to ensure effective implementation and understanding by all staff." This is an actual citation from a 2015 CU IT Examination received by a credit union. There are resources available for credit unions to provide inexpensive web based training, but it is crucial for credit union executives to create a culture where security is a key initiative.  Take minutes and watch a social engineering expert convince a cell phone provider employee to change account information. 
Security attacks only need one weakness to get through a system or network, so ensuring you are covering as many of the bases as possible is paramount to your credit union's security.  Comprehensive security services should be deployed to protect your core data from Malware and other cyber security threats.

 

1. http://www.cutimes.com/2016/07/20/malware-attacks-targeting-smaller-financial-instit?&slreturn=1471873258
2. https://www.fortinet.com/products-services/security-subscriptions/fortiguard-services-web-filtering.html