How to Strengthen Your Credit Union Cybersecurity Program


If you go to the National Credit Union Administration (NCUA) website, the main page headline reads: “Current Geopolitical Events Increase Likelihood of Imminent Cyberattacks on Financial Institutions.”

If you click through, they explain that the NCUA, CISA, the FBI, and the NSA are encouraging “credit unions of all sizes and their cybersecurity teams nationwide to adopt a heightened state of awareness and conduct proactive threat hunting.”

General global unrest and an increase in cyberattacks resulting from the war in Ukraine prompted these warnings. It’s a wake-up call for credit unions to take action to reduce the likelihood and impact of a potential cyberattack.

After all, credit unions are lucrative targets, and being non-profits with limited security budgets, they’re considered easy ones too. Cyberattacks on these financial institutions lead to large financial losses or, worse, loss of customer trust and a damaged reputation. The time to act is now.

Let’s look at some suggestions on how teams can take smart security measures to make proper use of their cybersecurity investments and reduce cyber risk.

Centralize Your Cybersecurity Monitoring

Years ago, in an effort to deal with growing cyber threats, IT security teams everywhere tended to implement point solutions to solve individual security problems. And this worked for a while.

However, as hackers became more sophisticated, the amount of data, apps, and connected devices increased, and networks grew, siloed systems themselves posed a threat. The lack of visibility caused fragmented views of what security incidents were occurring, potentially leading to a breach.

By contrast, a centralized cybersecurity platform can offer real-time insights into potential breaches, saving precious time and resources needed to contain a threat.

Our client, First Financial Bank, went from siloed cybersecurity systems to centralized, and now they understand their threat environment. They know what security incidents are occurring, what to prioritize, and how to respond.

Shortly after implementing a centralized approach, two security incidents were found and quickly remediated. They were:

  • An alert that two branch router cooling fans were about to fail. The fans were fixed before an outage could occur.
  • Discovery of a brute-force attack on a privileged user account.

These two incidents could have been devastating, but with a centralized view, they were neutralized.
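To make the visibility argument concrete, here is an added example (not LogRhythm's code or product logic, and not taken from the First Financial Bank deployment) in which failed logins against one privileged account are spread across three log sources. The account name, source names, threshold, window and log lines are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PRIVILEGED = {"svc-admin"}        # assumed privileged account name
THRESHOLD = 5                     # assumed: failed logins per window
WINDOW = timedelta(minutes=10)    # assumed sliding window

# Constructed sample log lines: timestamp, source system, account, outcome.
LOG_LINES = """\
2022-03-01T09:00:05 vpn svc-admin FAIL
2022-03-01T09:00:40 ad svc-admin FAIL
2022-03-01T09:01:10 webmail svc-admin FAIL
2022-03-01T09:01:15 ad jdoe FAIL
2022-03-01T09:02:00 vpn svc-admin FAIL
2022-03-01T09:02:30 ad svc-admin FAIL
2022-03-01T09:03:05 webmail svc-admin FAIL
2022-03-01T09:04:00 vpn svc-admin FAIL
""".splitlines()

def parse(line):
    ts, source, account, outcome = line.split()
    return datetime.fromisoformat(ts), source, account, outcome

def brute_force_alerts(events):
    """Return {account: time the THRESHOLD-th failure landed inside WINDOW}."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, _source, account, outcome in sorted(events):
        if outcome != "FAIL" or account not in PRIVILEGED:
            continue
        q = recent[account]
        q.append(ts)
        while ts - q[0] > WINDOW:      # drop failures older than the window
            q.popleft()
        if len(q) >= THRESHOLD and account not in alerts:
            alerts[account] = ts
    return alerts

def siloed_view(events):
    """Each tool evaluates only its own log, as separate point solutions do."""
    by_source = defaultdict(list)
    for ev in events:
        by_source[ev[1]].append(ev)
    return {src: brute_force_alerts(evs) for src, evs in by_source.items()}

EVENTS = [parse(line) for line in LOG_LINES]
print("siloed:     ", siloed_view(EVENTS))          # no source reaches 5
print("centralized:", brute_force_alerts(EVENTS))   # merged stream alerts
```

No single source sees more than three failures, so every per-tool check stays silent, while the merged stream crosses the threshold on the fifth attempt.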

Adopt a User and Entity Behavior Analytics (UEBA) Solution

UEBA uses machine learning and analytics to model the behavior of users on corporate networks, providing critical visibility to uncover user-based threats that might otherwise go undetected. This is a must-have not just for credit unions but also for all organizations.

The Verizon Business 2021 Data Breach Investigations Report tells us that:

  • In the financial and insurance industries, 83% of data compromised in breaches was personal data.
  • 85% of all breaches involved a human element.

If you want to read about some of the more egregious attacks, a Carnegie Endowment for International Peace project created the Timeline of Cyber Incidents Involving Financial Institutions database to show the extent of data breaches. You’ll learn that an increasing number of cyberattacks involve hacking user accounts.

For an attacker, targeting specific users is often an easier way in than attacking the network directly. UEBA can protect against these threats by exposing anomalous and alarming user behavior, so your team can quickly respond.

UEBA empowers your team to expose insider threats, compromised accounts, privilege misuse, and more — all in real time.
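As an added illustration of per-user behavior modeling (a simple statistical stand-in, not LogRhythm's UEBA algorithm), the sketch below scores today's activity against each user's own baseline using the median and median absolute deviation. The user names, record counts, fixed limit and 3.5 cut-off are constructed assumptions.

```python
from statistics import median

# Constructed history: member records viewed per day over ten working days.
HISTORY = {
    "teller_01":   [12, 15, 14, 13, 16, 15, 14, 12, 15, 13],
    "callcntr_07": [105, 118, 110, 121, 109, 115, 112, 119, 108, 116],
}
TODAY = {"teller_01": 120, "callcntr_07": 120}   # constructed observations
CUTOFF = 3.5          # assumed cut-off for the modified z-score
GLOBAL_LIMIT = 100    # assumed one-size-fits-all threshold, for contrast

def modified_z(value, history):
    """Robust z-score from the median and median absolute deviation (MAD)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # A perfectly flat baseline: any deviation at all is unusual.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def anomalous_users(history, today, cutoff=CUTOFF):
    """Users whose activity today departs from their own baseline."""
    scores = {user: modified_z(today[user], history[user]) for user in today}
    return sorted(user for user, z in scores.items() if abs(z) > cutoff)

def global_threshold_hits(today, limit=GLOBAL_LIMIT):
    """What a fixed limit applied to everyone would flag."""
    return sorted(user for user, count in today.items() if count > limit)

if __name__ == "__main__":
    print("fixed limit flags:  ", global_threshold_hits(TODAY))
    print("per-user model flags:", anomalous_users(HISTORY, TODAY))
```

Both users viewed 120 records today. The fixed limit flags both of them, while the per-user baseline flags only the teller, whose normal day is about 14 records.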

Practice Your Incident Responses

Your company may have robust cybersecurity, but it only takes one person to click on an email and open an attachment.

All companies should have an incident response plan. These plans should document your IT infrastructure and critical assets and clearly define who’s responsible for what.

In addition, create playbooks for the worst-case scenarios and drill staff on what to do should the cyber emergency happen. During times of duress, people panic. No one knows how they’ll react in a real emergency, but practice does mitigate human error.

Make sure your security orchestration, automation, and response (SOAR) technology and processes are top-notch and incorporated into the practice drills. Brainstorming through the different scenarios will improve your automated workflows for these incident responses.

Given current geopolitical events and government warnings, credit unions must evaluate their current cybersecurity measures and enact changes where needed. Centralizing your cybersecurity monitoring, adopting UEBA technology, and practicing incident responses are all must-haves. However, cybersecurity planning should be a continual process.

At LogRhythm, we have over a decade of experience helping to secure some of the finest financial cybersecurity operations in the world. Visit our website to learn more.