Nearly every cyber threat expert agrees we haven’t seen the end of the WannaCry ransomware attack. Having thwarted the intrusion detection systems of global companies like FedEx, the biggest cyber-attack the world has ever seen may have credit unions wondering, “Are we next?”
The short answer is yes. There are no organizations, nor consumers, immune to the ransomware threat. Cyber criminals, just like ‘real-world’ thieves, typically take the path of least resistance. Without the necessary protections, policies and processes to stop cyber intrusions, any credit union can find itself in the crosshairs of the next up-and-coming cyber attacker. And when one credit union is breached, word spreads quickly throughout the world’s underground networks.
“Cyber criminals share their ‘wins’ on the dark web,” said Paul Love, CO-OP’s Chief Information Security Officer. “When attacks are successful, learnings are pooled. Fraudsters know that quite often exploited IT or process issues are not corrected right away. This leaves a victimized organization wide open for a second exploit. It can also threaten an entire industry because some of the underlying issues may be shared by similar organizations.”
Fortunately, the good guys are also experts at sharing. With each new cyber-attack, we learn more about how to anticipate, prepare for – and, in the worst cases, respond to – an incident.
Here are five essentials your credit union needs to know:
- Ransomware attacks are getting easier to execute. Over the years, the technical barriers to ransomware attacks have been removed as Ransomware as a Service (RaaS) has come online. Kits allow even the most novice of criminals to subscribe to a service, select the entity they want to attack and then pay a small fee to have someone else execute the attack for them. Sophisticated tracking of these RaaS campaigns, similar to the type deployed by legitimate marketers, allow criminals to learn very quickly what works and what doesn’t.
- WannaCry 2.0 is expected this week. In other words, time is of the essence. Protect your credit union by installing the most up-to-date security patches on all employee computers and devices as quickly as possible.
- Maintaining a culture of security is no longer optional. “The WannaCry attack should be a wake-up call for all credit unions to evaluate their cybersecurity training,” said Ashley McAlpine, CO-OP’s Fraud Prevention Manager. “Having a strong data security policy can help credit unions protect themselves. However, it is only helpful if everyone in the organization is putting the policy into practice.”
- Backing up data is critical. To ensure data is not destroyed forever, consider storing it to the cloud, as well as to a physical device (thumb drive, hard drive, etc.).
- Think before you pay. In every ransomware circumstance, there is a difficult decision to be made. It can be tempting to shell out the ransom demanded. However, keep in mind doing so does not guarantee the data will be returned. “You are dealing with criminals, after all,” noted McAlpine. “These individuals are not known for their honesty and integrity.”
Follow @COOPFraudBuzz on Twitter to stay up to date on WannaCry and for the latest insights on card fraud, risk and security.