Make no mistake: big things come in small packages. That's no secret to cyber thieves. They often take the path of least resistance and see credit unions and small banks as easy prey since they likely have fewer resources yet the same exposure to risk as larger financial institutions.

We often see threat actors testing their tactics on credit unions and small banks before attacking a larger financial institution. The credit unions not only suffer financial loss from the attacks but also the loss of time, productivity and reputation.

Credit unions often tell me, “We're too small to matter,” “We don't store valuable data,” and “Our core provider provides security.” Because credit unions have fewer funds than big banks to secure their systems and often don't monitor their networks 24/7, it's easy for cyber thieves to get in and out of their networks sight unseen.

Some credit unions that outsource to a core provider (a company that provides cloud services for the credit union's core processing system) mistakenly believe that the core provider provides security for the credit union.

Core providers only provide security for themselves, so if you have malware on your system, it won't affect them. Most financial core providers don't even mention the word “security” in the business contract, and they don't provide security for your network environment!

There is no one device you can buy or no one thing you can do to ensure the security of your corporate environment. I often talk about the “50/30/20” rule:

  1. We find firewalls notify you of about 50% of the security events that occur on your network.
  2. About 30% of notifications come from another security layer, the Intrusion Detection/Protection System (IDS/IPS), which is a good risk mitigation and a regulatory compliance demand.
  3. About 20% of your security event notifications come from servers, routers and switches that securely direct or receive your traffic.

Your IDS/IPS and firewalls should be closely monitored, and they should be managed and deployed in a multi-layered security configuration. Your cyber security devices must be tuned and updated regularly so they are effective and do not disrupt normal business traffic. And, you should monitor all of these devices on your networks 24/7, so when malware gets in, you can get it out fast, often before any information has been stolen.

A third-party information security services company can help you with security services to fit your budget so that your IT team can focus on supporting other business initiatives without stopping to try to take care of security problems.

It is more cost effective and is easier to keep intruders out rather than to get them out. Having intruders in a network is one small package no one wants to open.

Jeff Multz is security evangelist/director, Midmarket North America, for Dell SecureWorks in Atlanta.

© 2024 ALM Global, LLC, All Rights Reserved.