Security experts outlined ways to defend against malware, ransomware, and cloudware threats at the CU InfoSecurity 2015 conference June 3-5 in Las Vegas.

“The attackers have changed their techniques and our detection methods have drastically changed,” Rusty Wilson, chief information officer for the Alexandria, La.-based Ingalls Information Security, LLC, said.

Establishing an active defense stance starts with a meaningful assessment of the current security posture as a baseline: credit unions need to scrutinize their existing protection and threat identification capabilities, experts said.

Wilson explained that usually law enforcement or a third party alerts financial institutions when a breach occurs.

“So, internal detection mechanisms seem to be failing across the boards,” he noted.

The next step involves strategic segregation of network components.

“When you have networks and you have data, it is important that you figure out what data should be able to touch other data,” he said.

For example, Wilson recommended that the systems tellers use to access customer data should not be the same as those used to check email.

Finally, credit unions should establish a lasting and adaptive security environment. This means they should assume that a breach will take place.

“Rather than saying we are protected and we are not going to get breached, we just assume that we are going to be breached and now we pivot and figure out how we respond to the breach,” Wilson concluded.

Stu Sjouwerman, founder/CEO of the Clearwater, Fla.-based KnowBe4, cautioned that social engineering will be the single greatest security risk in the coming decade. He said the weak link in IT security is always the three Ps: people, processes and policies.

“The bad guys are simply going after the human end,” Sjouwerman said. “I have done a lot of research and talked to a lot of system administrators in both credit unions and banking, and ransomware is what keeps them awake at night.”

Ransomware can be simply defined as a type of malware that restricts access to a computer system until a ransom is paid.

On a ransomware-infected PC, a message displays stating that decryption requires payment. Ransomware infects PCs via emails purporting to be from authentic computer security companies, or via falsified websites.

Sjouwerman added, “Users can become complacent or be tricked by social engineering by clicking on a malicious link buried in a spear phishing email or being redirected to a bad site and clicking on something they shouldn't.”

Hemma Prafullchandra, chief technology officer and senior vice president of products at the Mountain View, Calif.-based HyTrust Inc., spoke on the security dangers of virtualization and cloud computing.

“How do you secure these infrastructures when you have shared responsibilities?” she asked. “When you look at the trends, you started with the consolidation of data centers. Everyone wanted fewer physical data centers, located where energy and facility costs were lower.”

Prafullchandra explained, “When you start looking at things such as virtualization and cloud computing, security itself needs to be agile and automated.”


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).