25
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Embed Size (px)

Citation preview

Page 1: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Credit Unions Caught in the Cybercrime Cross Hairs:How to Get Ahead of the Curve

Page 2: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Today’s Speaker

2

Adam MeyerChief Security StrategistSurfWatch Labs

Page 3: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Tech Advances & User Demands Creating a Cyber Crisis

User Demands• 24x7 access

• Mobile banking

• Mobile deposit

3

Cyber Constraints• Small cyber team & budget

• Limited understanding

• Culture problem

VS.

Page 4: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Regulatory Oversight Issues Creating Checkbox Compliance Trap

Regulations Must be Addressed…

BUT

COMPLIANCE SECURITY

4

Page 5: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Examining the Credit Union Threat Landscape

These are the current “Commodities”

5

Page 6: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Credit Unions Facing the Fraud Balloon

Cybercriminals shift their tactics to hit targets that are:

“Attractive” and “Soft”

6

Page 7: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Anatomy of a Compromised Customer

7

Organization not following best practice

Continuous attempts without intervention

PII on Hand

Page 8: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Anatomy of a Compromised Customer

8

Organization not following best practice x3

Organizational culture failure

Your Brand and Reputation

Page 9: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Cybercriminals’ Avenue of Approach

9

Page 10: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Exploring the Dark Web…

10

Page 11: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

A Major Blind Spot In Your Cyber Defenses

11

Page 12: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

12

Anonymous Overlays

Page 13: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Real Life Example: Compromised Accounts

13

Page 14: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Real Life Example: Card Skimmers

14

Page 15: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

What’s at Stake and Why You Should Care

• Brand and Reputation

• Customer Loyalty

• Intellectual Property

• Legal Defenses

• Sales

• IT Baselines

• Cybersecurity Strategy

Direct Impact on Your Business and Bottom Line!

15

Page 16: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Get Your Head Out of the Sand!

16

Credit Unions are Being Targeted and the Impact of Being Breached is Huge. At Risk Are Your:

• Brand and Reputation

• Customer Loyalty

• Intellectual Property

• Legal Defenses

• Technology

There is a Direct Impact on Your Business and Bottom Line!

Page 17: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Cyber Threat Intelligence Can Steer Your Tactical Defenses in the Right Direction

“FFIEC found that many credit unions and banks are not taking basic

cybersecurity actions.”

• Threat intelligence identified as a key cybersecurity approach by the FFIEC

• Focusing on cyber defense tactics before strategy will leave you wide open to attack

17

Page 18: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

FFIEC – Domain 1

Cyber Risk Management and OversightAddresses the BoD’s oversight and management’s development and implementation of an effective enterprise-wide cybersecurity program with comprehensive policies and procedures for establishing appropriate accountability and oversight.

Assessment Factors:

• Governance

• Risk Management

• Resources

• Training and Culture

18

Page 19: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

FFIEC – Domain 2

Threat Intelligence and CollaborationIncludes processes to effectively discover, analyze, and understand cyber threats, with the capability to share info internally and with appropriate third parties.

Assessment Factors:

• Threat Intelligence

• Monitoring and Analyzing

• Information Sharing

19

Page 20: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

More Threat Data Will Paralyze You

Sound threat intelligence allows you to easily understand your critical risks and make faster, more informed decisions

20

Page 21: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Sharing Must Go Beyond the ISAC

21

It’s Nice, but NOT a Solution• Is your threat intelligence capability a

tool (aka a feed) or a program?- A tool would have an output- A program has an outcome

• How does threat intelligence affect decisions of the…- Incident responder- CIO- CISO- C-Suite (i.e. Business Unit leaders)- Board

Page 22: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Where to Start and Choosing the Right Cybersecurity Strategy

22

Page 23: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

The Bottom Line…

• Average breach detection time is more than 200 days!

• Shift to prevention-based focus:

• Understand attack execution methods based on cyber trends related to your business profile

• Predict potential targeting of your systems and information

23

Page 24: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Q&A and Additional SurfWatch Labs Resources

Credit Union Cyber Crisis Whitepaper:info.surfwatchlabs.com/cu-cyber-risk-intel-paper

SurfWatch Dark Web Intel Service: www.surfwatchlabs.com/dark-web-intelligence

Request a Demonstration:info.surfwatchlabs.com/request-demo

24

Page 25: Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the Curve

Thank You!

www.surfwatchlabs.comFollow us at: