For decades, millions of Americans have relied on Colonial Pipeline, one of the nation’s largest gasoline channels, to provide fuel for daily transportation. However, the recent ransomware attack on the company resulted in a nearly $5 million ransom payment and disruption of fuel supply, causing panic for many consumers. A few weeks later, JBS – one of the world’s largest meat processing companies – was the victim of another attack and paid a ransom of $11 million as a result.
Ransomware attacks are a threat to any industry, including financial services. More recently, several credit unions were affected by a worldwide ransomware attack that involved more than 1,000 businesses.
These ransomware attacks are only the latest of their kind, and they won’t be the last. The recent increase in frequency of ransomware should be a tremendous concern for credit unions, whose data is particularly sensitive to these attacks. With attacks on the rise, credit unions must consider the operational and financial implications of being held hostage by ransomware.
The following seven strategies will strengthen your credit union’s defenses against ransomware attacks.
1. Educate employees: One of the most important strategies a credit union should embrace is properly educating employees on best practices for identifying and preventing cyber threats, including ransomware. In many cases, an attack begins with an employee who inadvertently allows the cybercriminal to access their system by clicking a malicious link or attachment in an email. It is vital to educate staff on recognizing signs of ransomware and how to react when they encounter suspicious activity. Reinforce the importance of reporting unusual or suspicious emails to the appropriate parties. With proper training, your employees will become the first line of defense – and greatest asset – in protecting your institution from ransomware.
2. Reduce the attack surface: Granting every device internet access within a credit union is an enormous liability. Each device with internet access creates an opportunity for cybercriminals to infiltrate your systems, and certain devices do not necessarily require internet or may require limited access. Institutions should evaluate which devices need access and block traffic that is not necessary for business. Web filtering applications are valuable tools to achieve this. By decreasing the attack surface, a credit union will reduce overall exposure to cyber threats.
3. Evaluate privilege control: In addition to reducing the attack surface, limit the number of employees who have access to members’ data. Only employees who need deep access to member files should have it. Institutions should review existing privilege controls for all users and ensure the level of access is appropriate for their day-to-day duties. Temporary access can also be granted if an employee needs greater access for a specific amount of time. Restricting these privileges to a smaller pool of employees will decrease an institution’s overall risk.
Furthermore, multi-factor authentication (MFA) should be required for employees who have access to member data. MFA prompts users to verify their identity with two or more pieces of evidence, ultimately preventing hackers from accessing accounts by obtaining or cracking a password. By requiring employees to authenticate their identity in multiple ways, a credit union can strengthen the resilience of their network.
4. Update operating systems and applications: While many credit unions understand the importance of updating their operating systems, critical updates should be installed in a timely manner as they often include patches or fixes to zero-day vulnerabilities. By establishing a rapid deployment plan for critical vulnerabilities, your credit union can efficiently complete updates.
Additionally, prohibit employees from downloading unnecessary applications to their devices. Every application installed provides an opportunity for hackers to access the device. Credit unions can prevent employees from downloading unnecessary applications through whitelisting or blacklisting.
Whitelisting provides employees with an index of safe, supported applications and enables institutions to strengthen their access control, whereas blacklisting involves creating a list of applications that might pose a threat and blocking access. In many cases, whitelisting is the most effective approach since a business case should exist for each application to be installed.
5. Implement anti-malware software: Due to the increasing threat of ransomware attacks, credit unions must strengthen their malware protection. While many financial institutions run active anti-malware tools on their workstations, they should also utilize the software on their mail servers and consider using network-based anti-malware solutions to detect traffic before it reaches devices. A robust anti-malware program should identify threats as they enter a network and when threats are on devices or mail servers – ultimately strengthening protection from all vantage points.
6. Block known risks: There are several application suites that identify and react to different types of malware. These applications detect known ransomware and prevent it from going through the encryption process while notifying administrators of its presence on the network. However, many attackers are now utilizing bugs that are unknown to the malware application suites, meaning credit unions must take extra precautions. A strong web filtering program restricts access to any risky or uncategorized site, diminishing the opportunity for an attacker to compromise your network through these sites.
7. Conduct regular data backups: Regular data backups are essential for financial institutions. The best recommendation is to implement a risk-based backup program with the frequency and retention period of backups defined according to the criticality of the data. While a cybercriminal’s goal is to hold an organization’s data captive, credit unions can minimize the risk by duplicating critical data and storing it offline.
While a credit union is likely to have backup protocols in place for servers or databases, it must not overlook the importance of user backups. If users aren’t conducting regular backups and a specific machine is compromised with ransomware, your credit union could be at risk of losing critical data. Educate users on implementing a good backup program for their devices and determine a backup schedule for your institution.
Staying Ahead of the Curve
Cybersecurity is not just a technology issue; it is a business issue. As the financial industry continues to digitize, credit unions can expect ransomware attacks to increase in scale, frequency and sophistication.
Moving forward, credit unions should establish a plan highlighting prevention, detection and protocols during an attack. This allows for a quicker response and possible isolation of any infected devices. By keeping a pulse on current and evolving threats, your credit union can keep its network, data and members safe.
Steve Sanders is chief information security officer for Computer Services, Inc., a core processor based in Paducah, Ky.