For decades, millions of Americans have relied on Colonial Pipeline, one of the nation’s largest gasoline channels, to provide fuel for daily transportation. However, the recent ransomware attack on the company resulted in a ransom payment of nearly $5 million and fuel supply disruption, causing many consumers to panic. A few weeks later, JBS – one of the largest meat processing companies in the world – was the victim of another attack and paid a ransom of $11 million as a result.
Ransomware attacks pose a threat to all industries, including financial services. More recently, several credit unions have been affected by a global ransomware attack involving more than 1,000 companies.
These ransomware attacks are just the latest of their kind and will not be the last. The recent increase in the frequency of ransomware is expected to be a major concern for credit unions, whose data is particularly susceptible to these attacks. As attacks increase, credit unions must consider the operational and financial implications of being held hostage by ransomware.
The following seven strategies will strengthen your credit union’s defenses against ransomware attacks.
1. Educate employees: One of the most important strategies a credit union should adopt is to properly educate employees on best practices for identifying and preventing cyber threats, including ransomware. In many cases, an attack starts with an employee inadvertently allowing the cybercriminal to access their system by clicking on a malicious link or attachment in an email. It is essential to train staff to recognize the signs of ransomware and to react when they encounter suspicious activity. Reinforce the importance of reporting unusual or suspicious emails to the appropriate parties. With the right training, your employees will become the first line of defense – and the greatest asset – in protecting your institution against ransomware.
2. Reduce the attack surface: Granting every device access to the Internet within a credit union is a huge responsibility. Every device with Internet access creates an opportunity for cybercriminals to infiltrate your systems, and some devices do not necessarily require the Internet or may require limited access. Institutions need to assess which devices need access and block traffic that is not necessary for the activity. Web filtering applications are valuable tools to achieve this. By decreasing the attack surface, a credit union will reduce overall exposure to cyber threats.
3. Evaluate privilege control: In addition to reducing the attack surface, limit the number of employees who have access to member data. Only employees who need deep access to member files should have it. Institutions should review existing privilege controls for all users and ensure that the level of access is appropriate for their day-to-day tasks. Temporary access can also be granted if an employee requires more extensive access for a specific period of time. Restricting these privileges to a smaller pool of employees will reduce an institution’s overall risk.
Additionally, multi-factor authentication (MFA) should be required for employees who have access to member data. MFA prompts users to verify their identity with two or more pieces of evidence, ultimately preventing hackers from gaining access to accounts by obtaining or cracking a password. By forcing employees to authenticate their identities in several ways, a credit union can strengthen the resilience of its network.
4. Update operating systems and applications: While many credit unions understand the importance of updating their operating systems, critical updates should be installed in a timely manner as they often include patches or fixes for zero-day vulnerabilities. By establishing a rapid deployment plan for critical vulnerabilities, your credit union can effectively perform updates.
Additionally, prohibit employees from downloading unnecessary apps to their devices. Each installed application offers hackers the ability to access the device. Credit unions can prevent employees from downloading unnecessary applications through a whitelist or blacklist.
Whitelisting provides employees with an index of secure and supported applications and allows institutions to tighten their access control, while blacklisting involves creating a list of potentially threatening applications and blocking access to them. In many cases, whitelisting is the most effective approach since a business case must exist for each application to be installed.
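The difference between the two lists shows up when both are run over the same software inventory. The following Python sketch is an added example, not part of the original article: it audits a constructed inventory under a blacklist (default-allow) and a whitelist (default-deny), and also flags whitelist entries that have no recorded business case. All application names, publishers and hosts are hypothetical.

```python
# Added example: blocklist (default-allow) versus allowlist (default-deny)
# decisions over a constructed software inventory. All names are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    host: str
    name: str
    publisher: str

# Allowlist: (name, publisher) -> documented business case (constructed).
ALLOWLIST = {
    ("corebanking-client", "ExampleCore Inc"): "Teller transactions",
    ("pdf-reader", "ExampleDocs"): "Loan document review",
    ("screen-share", "ExampleMeet"): "",  # approved, but no business case recorded
}
# Blocklist: application names already known to be unwanted (constructed).
BLOCKLIST = {"torrent-client", "remote-admin-free"}

# Constructed inventory, as an endpoint-management export might list it.
INVENTORY = [
    App("teller-01", "corebanking-client", "ExampleCore Inc"),
    App("teller-01", "torrent-client", "Unknown"),
    App("loan-07", "pdf-reader", "ExampleDocs"),
    App("loan-07", "Remote-Admin-Free2", "Unknown"),  # renamed variant of a blocked tool
    App("hr-02", "screen-share", "ExampleMeet"),
    App("hr-02", "pdf-reader", "OtherVendor"),        # same name, different publisher
]

def blocklist_denies(app):
    """Default-allow: only names already on the list are stopped."""
    return app.name.lower() in BLOCKLIST

def allowlist_denies(app):
    """Default-deny: anything without an exact (name, publisher) entry is stopped."""
    return (app.name.lower(), app.publisher) not in ALLOWLIST

def audit(inventory):
    """Return what each policy stops, plus allowlist entries lacking a business case."""
    by_block = [a for a in inventory if blocklist_denies(a)]
    by_allow = [a for a in inventory if allowlist_denies(a)]
    missed = [a for a in by_allow if a not in by_block]  # gap left by blocklisting
    no_case = sorted(k[0] for k, v in ALLOWLIST.items() if not v.strip())
    return {"blocklist": by_block, "allowlist": by_allow,
            "missed_by_blocklist": missed, "no_business_case": no_case}

if __name__ == "__main__":
    for key, value in audit(INVENTORY).items():
        print(key, [getattr(v, "name", v) for v in value])
```

The renamed tool and the look-alike from a different publisher pass the blacklist untouched, while the whitelist stops both because neither has an approved entry.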
5. Implement anti-malware software: With the growing threat of ransomware attacks, credit unions need to strengthen their protection against malware. While many financial institutions run active anti-malware tools on their workstations, they should also be using the software on their mail servers and consider using network-based anti-malware solutions to detect traffic before it reaches the devices. A robust anti-malware program should identify threats as they enter a network and when threats are on devices or mail servers, thus enhancing protection from all points of view.
6. Block the known risks: There are several application suites that identify and respond to different types of malware. These applications detect known ransomware and prevent it from going through the encryption process while notifying administrators of its presence on the network. However, many attackers are now using unknown bugs in malicious application suites, which means credit unions need to take extra precautions. A powerful web filtering program restricts access to any risky or unclassified site, reducing the possibility for an attacker to compromise your network through those sites.
7. Perform regular data backups: Regular data backups are essential for financial institutions. The best recommendation is to implement a risk-based backup program with the frequency and duration of backup retention defined according to the criticality of the data. While the goal of a cybercriminal is to keep an organization’s data captive, credit unions can minimize risk by duplicating critical data and storing it offline.
While a credit union probably has backup protocols in place for servers or databases, they shouldn’t overlook the importance of user backups. If users don’t take regular backups and a specific machine is compromised by ransomware, your credit union may lose critical data. Educate users on implementing a good backup schedule for their devices and determine a backup schedule for your institution.
Stay one step ahead
Cyber security is not just a technological problem; it’s a business problem. As the financial industry continues to digitize, credit unions can expect ransomware attacks to increase in scale, frequency and sophistication.
Going forward, credit unions should establish a plan that highlights prevention, detection, and protocols during an attack. This allows for a faster response and possible isolation of any infected device. By keeping a finger on the pulse of current and evolving threats, your credit union can keep its network, data and members secure.
Steve Sanders is the Information Security Officer for Computer Services, Inc., a main processor based in Paducah, Ky.