There is now a whole economy of cybercrime developing specifically targeting the financial services sector and its consumers. Phishing, Credential Stuffing and other web-based attacks have had a huge cost and impact on the industry...to the tune of nearly $3 million per minute! What can be done to protect your members and their information from a cyber attack and minimize the expense if one should happen? A combination of technology and education can be your best defense.
Recent data shows that every minute, organizations lose $2.9 million to cybercrime, and there are 3.5 billion malicious login attempts targeting the financial services sector. Those out there with mal-intent are continually looking for new ways to gain private information via a cyber attack. Phishing and credential stuffing are two of the most common and utilized methods for gaining illegal information.
For some background, phishing is the fraudulent attempt to get information by disguising oneself as a legitimate entity in order to obtain usernames, passwords and credit card details via some sort of electronic communication, such as email or fake website. This information is often then used to hack into bank accounts and other secure websites. A recent report found 197,524 phishing domains between December 2, 2018 and May 4, 2019; of those domains, 66% targeted consumers directly. When phishing domains went after consumers specifically, 50% targeted companies in the financial services industry.
Credential Stuffing often uses the passwords and account information gained from phishing, or another method, on a large scale using automated log-in attempts to gain access illegally. Credential stuffing is fast becoming the cyber crime of choice, with data showing that, in addition to unique phishing attempts, cyber criminals attempted to pull off 3.5 billion credential stuffing attacks during an 18-month period, putting the personal data and banking information of millions of financial services customers at risk.
So what can be done to minimize this risk? Start at the core... Work with a core provider that has robust technology that uses cutting edge technology to keep up with the ever changing face of cyber security. One that can incorporate updates easily, and has thought through the security measures your credit union needs. Take the time to educate your employees to recognize and report attempts. Regular training sessions to act as reminders can be very beneficial, even if it's repeat information. Members should be educated as well on smart cyber practices: avoid using the same password across sites, utilize two-factor authentication if possible, and protect their personal technology with a good security program.