By Bill Johnson
The cyberthreats facing today’s businesses have become more frequent, more sophisticated and harder to detect. Hackers are deeply familiar with the tools businesses use to identify suspicious activity and routinely modify their tactics to evade detection.
This cat-and-mouse game explains why even businesses that already deploy traditional security tools remain vulnerable to attacks. What’s needed is a holistic and layered approach to cyber security that can dynamically monitor and take account of all the potential vulnerabilities in an IT environment, rather than focusing on single points of vulnerability.
Who’s At Risk for a Cyberattack?
Credit unions can be attractive targets to hackers due to the amount of valuable member data they possess, from social security and account numbers to income data and email addresses. Hackers are thought to target credit unions to test new methodologies for future attacks on other financial institutions.
Although nearly all credit unions use tools to detect attempted intrusions and known malware attacks, what’s often missing are tools to bring the full picture into focus by monitoring the entire IT environment from the firewall to the endpoint, detecting and alerting institution staff to suspicious behaviors, and providing comprehensive assessments and reporting to support auditing and compliance requirements.
How Effective is AV Software?
Most antivirus solutions can only see what they stop. Their weakness lies in situations where a new or unknown “zero-day” attack occurs. Due to hacking techniques that specifically attempt to bypass antivirus defenses, one industry expert recently estimated that traditional antivirus software is catching only about 45% of malware attacks. These blind spots make credit unions more vulnerable to attacks.
Next generation cybersecurity solutions are addressing this weakness in several ways. One is by proactively looking for and blocking suspicious behaviors, such as an elevation of privileges followed by an attempt to delete files. Another technique involves identifying unauthorized systems and applications, and the use of privileged credentials anywhere in your IT environment.
To successfully combat hackers, credit unions must evolve to a layered, defense in depth approach to cybersecurity. This means creating a coordinated system of security and reporting tools spanning the entire IT environment from the endpoint to the perimeter – including antivirus, endpoint protection, firewall monitoring, intrusion detection and prevention systems (IPS and IDS), web content filtering, and more.
Sentry Cyber Security from Fiserv is one example of this kind of layered approach to security, delivered as a managed service. Its end-to-end protection includes overall security assessments, endpoint protection, firewall management and monitoring, IPS and IDS sensors, incident reporting, application and credentials monitoring, audit and compliance reporting, data backup, disaster recovery services and additional security solutions – all designed to minimize performance impacts and IT complexity. Sentry Cyber Security features best-in-class, next-generation CrowdStrike endpoint protection technology, which uses a combination of machine learning, behavioral analysis and threat intelligence to identify and prevent both malware and advanced attacks before they can do any harm.
Money can be returned and data can be restored, but reputational impact can be indefinite. Ensuring your credit union has an advanced and capable security solution will not only keep your members loyal and their assets safe, but will maintain your institution’s strong reputation.
Bill Johnson is vice president with Fiserv.