As we start 2021, it’s a good time to reflect on what we learned in 2020. With SMEs preparing themselves for the next normal in 2021, we identified some major data breaches that happened in 2020 that will have implications for credit unions in the near future.
The Credit Union National Association (CUNA) Falls Victim to a Ransomware Attack
In early 2020, it was reported that CUNA’s systems were knocked offline due to a ransomware attack. The organization said that no personal information was taken and its systems were restored in short order; there wasn’t any indication on whether or not they paid the cybercriminals’ ransom.
Credit unions must have a sound ransomware strategy that not only prevents malware from entering the corporate network but also offers backup options if files are encrypted. At Cygilant, we recommend credit unions do the following to protect themselves from ransomware:
- Invest in a good security gateway to filter email and web traffic. Ransomware tends to come from a malicious attachments and phishing emails.
- Every three to four weeks, back up all the files in the office, and more frequently for critical data. This will take time and effort from the IT team but prevent data from being lost.
- Proper cybersecurity awareness training to teach employees how to spot malicious emails is extremely important, not to mention a compliance mandate for credit unions.
- Continuous security monitoring is critical. Even with the first three steps in place, security incidents happen and the faster a threat is detected and contained, the less damage is caused.
Microsoft Exposes 250 Million Records
On January 22, Microsoft disclosed a data breach that took place December 2019. In a blog post, the company said a change made to the database’s network security group on December 5, 2019 contained misconfigured security rules that enabled exposure of the data. ZDNet reported the servers contained 250 million entries, with information such as email addresses, IP addresses, and support case details.
Microsoft is inarguably the largest enterprise software company in the world. Yet, as was evidenced in this breach, they are capable of making basic security mistakes. Credit unions must ensure that they have the appropriate people, processes, and technology in place to protect customer information and other critical data because sometimes even industry giants can have slip-ups. Just like in boxing, it’s important that credit unions protect themselves at all times.
American Bank Systems Faces Class Action Over Fall 2020 Data Breach
American Bank Systems faces a class action lawsuit over a data breach in which unauthorized parties reportedly stole over 50 gigabytes of data that included consumers’ personal and financial information. According to the lawsuit, the breach was caused by the company’s failure to implement “basic security procedures,” which left consumers’ private information vulnerable to cybercriminals.
Security compliance is not only a way to protect credit unions from cyberattacks; it’s also a way to protect the business from lawsuit and regulatory fines. We work with our credit union clients to comply with the framework set forth by the Federal Financial Institutions Examination Council (FFIEC). Several of the guide’s core requirements involve capabilities to identify and mitigate potential security gaps and incidents using security monitoring, vulnerability management, and patch management solutions. Cygilant helps banks, credit unions, and other financial institutions meet these requirements with our unique security-as-a-service offerings. Here’s a deeper dive into how we can help:
- SOCVue Security Monitoring meets all of the criteria and capabilities for continuous security monitoring as defined in Section II.C.22 of the FFIEC Handbook. SOCVue delivers continuous information security monitoring capabilities for financial organizations, including both banking and administrative systems.
- SOCVue Vulnerability Management meets requirements for continuous detection and reporting on known vulnerabilities. Our Global SOC Team will schedule scans to identify and help prioritize critical vulnerabilities based on risk to your organization to ensure potential security gaps are addressed quickly.
- SOCVue Patch Management is consistent with FFIEC’s requirements for implementing patches through a change management process. SOCVue ensures that the financial organization’s systems are fully patched, addressing critical requirements for reducing risk.
Those that don’t learn from the past are doomed to repeat it. If you’re looking to protect critical data, infrastructure, and employees from sophisticated modern cyberattacks, get in touch.