Experts continued to mull the best next steps for financialinstitutions in light of last week's release by the FBI and the Financial Services InformationSharing and Analysis Center of an unprecedented warning that criminal organizations are increasingly targetingemployee computers inside credit unions and banks.
|Mixed in there was the disclosure that several money center banks – notably Bank ofAmerica and Chase – had suffered so-called Distributed Denial ofService attacks that had slowed their websites to molassesspeed.
|FS-ISAC also raised its Cyber Threat Level from “Elevated” to“High,” suggesting that more dangers existed for financialinstitutions in cyberspace.
|So, what should credit unions do now to protect themselves?
|Mark Kay, one-time chief information officer at JP Morgan Chaseand presently CEO at StrikeForce Technologies, a developer of toolsto protect businesses against cyber criminals, warned in aninterview: “Small and mid-sized credit unions can expect to betargets.”
|He added: “Don't think AV (anti-virus) tools protect you. Theydon't. Not against the attacks the FBI is warning against. For them, you have to do something completely different.”
|Tom Cross, director of security research at Lancope, said in anemail: “The right approach to managing these kinds of attacks ismultifaceted. Separating sensitive systems from the Internet andusing multi-factor authentication solutions are importantsteps.
|“It's also important to monitor your internal network andcollect an audit trail of network activity that you can use toinvestigate these incidents once they have been detected. Thataudit trail can come in handy – the FBI report mentions that subtleindicators, such as legitimate users logging into the network atodd hours, can be the thread that leads to identification of theseattacks.”
|Among the key recommendations offered by the FBI and FS-ISAC arethese:
|* “Educate employees on the dangers associated with openingattachments or clicking on links in unsolicited emails
|* Do not allow employees to access personal or work e-mails onthe same computers used to initiate payments
|* Do not allow employees to access the Internet freely on thesame computers used to initiate payments.”
|Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
