Rob Johnston MSNBC

Protect Credit Union Assets from Sophisticated Hackers

Today’s criminals have moved beyond ransomware and malware.

Protect Credit Union Assets from Sophisticated Hackers

From left: Tim Evans, chief of strategy; Don McLamb, Director of Engineering; and Rob Johnston, CEO.

Financial institutions are prime targets for cybercriminals looking to gain access to volumes of consumers’ personal data and money.

In 2017, the U.S. experienced 1,579 data breaches, 8.5% of which involved financial services companies such as credit unions, banks, investment firms, and credit card companies.

Credit unions face considerable challenges protecting sensitive personal and financial data from breaches. As nonprofit entities, they tend to have lean information technology (IT) teams and reduced technology budgets.

While credit unions may have smaller IT staff and budgets than larger banks, collectively they serve more than 100 million members and have assets of roughly $1.4 trillion.

To support their business, credit unions rely upon complex IT infrastructures with hundreds of connected devices transmitting large volumes of sensitive data. In addition to defending against intruders, credit unions must implement security controls to meet security compliance requirements.

It’s no surprise hackers find credit unions attractive.

Hackers realize that legacy security tools can’t properly protect today’s dynamic infrastructures. Firewalls and penetration testing alone can no longer keep sensitive data and assets safe.

Today’s hackers have moved beyond ransomware and malware, and have identified new methods for infiltrating networks to steal employees’ identities, and then use those identities  to roam the network—without  the network owners even knowing of  their presence.

Fileless attacks are becoming their weapon of choice. They don’t require any payload, and they are harder to detect than traditional malware-based threats.

Credit unions looking to outsmart hackers and ease the burden of compliance need to reassess their security strategies and identify the right blend of people, technologies, and programs necessary to protect themselves and their members.

To outsmart the bad guys, some credit unions are looking at advanced detection technologies that leverage machine learning and artificial intelligence.

Machines capable of cognitive functions, such as anomaly detection and classification, have superior processing power and continuously scan huge volumes of data to identify risks.

Today’s cybersecurity technology

Technology is revolutionizing the way credit unions secure enterprise assets and ensure PCI DSS (Payment Card Industry Data Security Standards) compliance. Today’s solution must be a cloud-delivered SaaS [software as a service] solution that protects against internal and external malicious actors.

A perfect Security Information & Event Management (SIEM) replacement or augmentation platform uses artificial intelligence, machine learning, and pattern recognition to monitor an organization’s network 24/7 to detect changes in user behaviors. It provides real-time visibility and analysis of the activities of every identity within the enterprise.

Creating a heuristic baseline of user activity by analyzing behavior, it identifies   potentially malicious activity and sends a warning to the administrator, providing details about the questionable event before the threat becomes critical.

PCI compliance

Credit unions also need a platform that helps manage the security and confidentiality of member information by monitoring systems and activities to detect attempted and actual attacks on, or intrusions into, member information systems.

Appropriate technology solutions help manage the complexity of a constantly changing IT environment and provide insight into what sensitive data is being accessed by every account on the network.

Visualize privilege across your network

Managing user privilege across multiple groups is a challenge. User rights that are assigned to a group are applied to all members of the group while they remain members.

If a user is a member of multiple groups, the user’s rights are cumulative, meaning that user has more than one set of rights and privileges. Failure to routinely audit privilege and groups can result in misuse of privilege and unauthorized access to sensitive files.

SIEM-like technology automates the process for managing user privilege, ensuring account privilege status is up to date and accurate.

Cyber hunting

The Adlumin Platform is revolutionizing how credit unions secure sensitive data and intellectual property while achieving their compliance objectives. Adlumin provides a virtual machine-learning team of four to five personnel that hunts networks 24/7 for anomalous behavior.

This eliminates the need for credit unions to hire a single person.

TIMOTHY EVANSJ.D., L.L.M., is co-founder/senior vice president and chief of strategy for Adlumin Inc.