Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve
Apr 13, 2017
Today’s Speaker
Adam Meyer, Chief Security Strategist, SurfWatch Labs
Tech Advances & User Demands Creating a Cyber Crisis
User Demands
• 24x7 access
• Mobile banking
• Mobile deposit
VS.
Cyber Constraints
• Small cyber team & budget
• Limited understanding
• Culture problem
Regulatory Oversight Issues Creating Checkbox Compliance Trap
Regulations Must be Addressed…
BUT
COMPLIANCE ≠ SECURITY
Examining the Credit Union Threat Landscape
These are the current “Commodities”
Credit Unions Facing the Fraud Balloon
Cybercriminals shift their tactics to hit targets that are:
“Attractive” and “Soft”
Anatomy of a Compromised Customer
Organization not following best practice
Continuous attempts without intervention
PII on Hand
Anatomy of a Compromised Customer
Organization not following best practice x3
Organizational culture failure
Your Brand and Reputation
Cybercriminals’ Avenue of Approach
Exploring the Dark Web…
A Major Blind Spot In Your Cyber Defenses
Anonymous Overlays
Real Life Example: Compromised Accounts
Real Life Example: Card Skimmers
What’s at Stake and Why You Should Care
• Brand and Reputation
• Customer Loyalty
• Intellectual Property
• Legal Defenses
• Sales
• IT Baselines
• Cybersecurity Strategy
Direct Impact on Your Business and Bottom Line!
Get Your Head Out of the Sand!
Credit Unions are Being Targeted and the Impact of Being Breached is Huge. At Risk Are Your:
• Brand and Reputation
• Customer Loyalty
• Intellectual Property
• Legal Defenses
• Technology
There is a Direct Impact on Your Business and Bottom Line!
Cyber Threat Intelligence Can Steer Your Tactical Defenses in the Right Direction
“FFIEC found that many credit unions and banks are not taking basic cybersecurity actions.”
• Threat intelligence identified as a key cybersecurity approach by the FFIEC
• Focusing on cyber defense tactics before strategy will leave you wide open to attack
FFIEC – Domain 1
Cyber Risk Management and Oversight
Addresses the BoD’s oversight and management’s development and implementation of an effective enterprise-wide cybersecurity program with comprehensive policies and procedures for establishing appropriate accountability and oversight.
Assessment Factors:
• Governance
• Risk Management
• Resources
• Training and Culture
FFIEC – Domain 2
Threat Intelligence and Collaboration
Includes processes to effectively discover, analyze, and understand cyber threats, with the capability to share info internally and with appropriate third parties.
Assessment Factors:
• Threat Intelligence
• Monitoring and Analyzing
• Information Sharing
More Threat Data Will Paralyze You
Sound threat intelligence allows you to easily understand your critical risks and make faster, more informed decisions
Sharing Must Go Beyond the ISAC
It’s Nice, but NOT a Solution
• Is your threat intelligence capability a tool (aka a feed) or a program?
  - A tool would have an output
  - A program has an outcome
• How does threat intelligence affect decisions of the…
  - Incident responder
  - CIO
  - CISO
  - C-Suite (i.e. Business Unit leaders)
  - Board
Where to Start and Choosing the Right Cybersecurity Strategy
The Bottom Line…
• Average breach detection time is more than 200 days!
• Shift to prevention-based focus:
• Understand attack execution methods based on cyber trends related to your business profile
• Predict potential targeting of your systems and information
Q&A and Additional SurfWatch Labs Resources
Credit Union Cyber Crisis Whitepaper: info.surfwatchlabs.com/cu-cyber-risk-intel-paper
SurfWatch Dark Web Intel Service: www.surfwatchlabs.com/dark-web-intelligence
Request a Demonstration: info.surfwatchlabs.com/request-demo
Thank You!
www.surfwatchlabs.com