DES MOINES, Iowa– – In conjunction with Fraud Awareness Week, TMG Fraud Prevention Manager Ashley McAlpine warned credit union personnel not to be fooled by news coverage of distributed denial of service (DDoS) and ransomware attacks.
“It may look like these attackers are only after the big guys. In fact, small organizations are very much on the radar of these criminals,” McAlpine told credit unions.
A DDoS attack occurs when many compromised systems attack a single target. The result is denial of service for users of the targeted system. Ransomware, a type of malware deployed for “data kidnapping,” allows attackers to encrypt a victimized organization’s data so it becomes completely inaccessible. Ransomware attackers typically demand payment via bitcoin or another untraceable digital currency before they will decrypt and release the kidnapped data.
McAlpine said credit unions should not let their relatively small size give them a false sense of security, as all community financial institutions are vulnerable for two reasons. First, they can present an easy “test bed” for attackers working to hone their craft. Second, credit unions and community banks may have fewer layers of protection against DDoS and ransomware.
To mitigate the risks of both DDoS and ransomware attacks, McAlpine suggests community financial institutions consider the following:
- Educate and train employees – Cybersecurity threat education and awareness campaigns must extend to the C-suite because of the increasing threat of “whaling.” These are phishing attempts targeting those at the highest levels of an organization.
- Update firewalls and routers – Never fall behind on system updates. The risk is too critical to allow patches and firmware updates to slide.
- Change default passwords – Systems connected to the Internet, such as WiFi routers, should never be in operation with factory or default passwords. Change upon set up and update often.
- Hire a “white hat” hacker – Several organizations in financial services are finding creative ways to tap into the collective expertise of cybercriminals. By networking at ethical hacking events and working with local colleges, banks and credit unions can recruit or contract with college students and other young cybersecurity experts who will find gaps in their security protocols.
- Designate a cybersecurity leader – “Your cybersecurity will only be as strong as the people you’ve hired to manage it for you,” McAlpine said. Partnering with outside security firms is a best practice for smaller organizations that do not have the appropriate internal resources. “However, even when you partner with an outside organization, there has to be an internal champion to monitor evolving threats and oversee a plan to protect against them,” McAlpine added.
To hear McAlpine discuss DDoS, ransomware and other fraud threats facing today’s financial institutions, go to blogtalkradio.com/tmgglobal]