By MARC RAPPORT Credit Union Times Technology Correspondent
PASADENA, Calif. -- Piling on may be the best way to fight back as credit unions face increasingly sophisticated and numerous attacks on the technology infrastructure protecting their most valuable assets: members' money and trust.
"An enterprise's network security platform should be as layered as an onion," Wescom Credit Union's Rob Guilford says in a new white paper from Wescom Resources Group (www.wescomresources.com), the $3.5 billion credit union's tech CUSO.
"If you use multiple levels of physical and virtual security, invaders may be able to penetrate the top levels of your security, but they won't be able to peel back the deeper layers to reach your most important core data," Guilford, Wescom's senior vice president of information technology, says in the document, titled "Network Security: Moving Beyond the Basics."
Operating system vulnerabilities--those holes in the firewalls exploited by roaming worms, viruses and such--are no longer as much the target of fraudsters, who now are launching more focused, covert attacks on individual institutions, making the need to control access while monitoring applications and networks ever more crucial, the white paper says.
The fact that credit unions have become a target of choice by phishers and hackers has been well-documented, and the NCUA this past June issued new guidelines that instruct credit unions to ensure the security of member information by anticipating and protecting against threats, including unauthorized access to current information and improper disposal of outdated data.
"To achieve these objectives, an information security program must suit the size and complexity of a credit union's operations and the nature and scope of its activities," the Wescom white paper says.
"However, due to lack of resources or an understanding of the real threat potential, many credit unions do not have the necessary technical controls and policies in place to successfully protect their systems and information," it says.
More than 52 million individual consumer accounts were placed in jeopardy in 2005 because of security breaches, according to the Federal Trade Commission. In addition to the loss of consumer trust, there's an even more tangible bottom line consequence: The Ponemon Institute estimated that a data breach costs an organization an average of $182 per compromised record.
"With so much at stake, credit unions cannot afford to go without an effective network security solution," Guilford says.
The Wescom white paper makes detailed recommendations on ensuring physical security, examining password procedures, reviewing network security settings, monitoring network traffic, securing the online banking operation, and other fundamental ways of adding layers of protection to a credit union network.
Getting help is another fundamental way of securing the electronic frontiers, with a number of companies specializing in finding vulnerabilities and fixing them, says John Best, Wescom Resources Group's director of technology.
"The costs and types of services depend on the individual needs of the credit unions," he says. "The variables to consider are the number of systems, number of choke points and how active the network is. The one thing to keep in mind is that you don't want the company you have guarding the system to also be the company testing the system."
And as technology continues to evolve in credit union land, so will the challenges of protecting it.
"You can build a 10-foot wall and the hackers will show up with an 11-foot ladder," Best says. "The game will never end. In the past it was check fraud and over-the-counter fraud. Now, it's e-commerce."
"The criminals are always looking for new ways to beat the system, and credit unions have to be ready."
The white paper is available by contacting Gina Kovacs at (877) 995-9000, ext. 8678, or firstname.lastname@example.org. --email@example.com