Experts continued to mull the best next steps for financial institutions in light of last week's release by the FBI and the Financial Services Information Sharing and Analysis Center of an unprecedented warning that criminal organizations are increasingly targeting employee computers inside credit unions and banks.
Mixed in there was the disclosure that several money center banks – notably Bank of America and Chase – had suffered so-called Distributed Denial of Service attacks that had slowed their websites to molasses speed.
FS-ISAC also raised its Cyber Threat Level from “Elevated” to “High,” suggesting that more dangers existed for financial institutions in cyberspace.
So, what should credit unions do now to protect themselves?
Mark Kay, one-time chief information officer at JP Morgan Chase and presently CEO at StrikeForce Technologies, a developer of tools to protect businesses against cyber criminals, warned in an interview: “Small and mid-sized credit unions can expect to be targets.”
He added: “Don't think AV (anti-virus) tools protect you. They don't. Not against the attacks the FBI is warning against. For them, you have to do something completely different.”
Tom Cross, director of security research at Lancope, said in an email: “The right approach to managing these kinds of attacks is multifaceted. Separating sensitive systems from the Internet and using multi-factor authentication solutions are important steps.
“It's also important to monitor your internal network and collect an audit trail of network activity that you can use to investigate these incidents once they have been detected. That audit trail can come in handy – the FBI report mentions that subtle indicators, such as legitimate users logging into the network at odd hours, can be the thread that leads to identification of these attacks.”
Among the key recommendations offered by the FBI and FS-ISAC are these:
* “Educate employees on the dangers associated with opening attachments or clicking on links in unsolicited emails
* Do not allow employees to access personal or work e-mails on the same computers used to initiate payments
* Do not allow employees to access the Internet freely on the same computers used to initiate payments.”
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
