Just because you spend a lot on security does not mean you are secure.
JPMorgan Chase recently stated it has more than 1,000 security professionals on staff and a $250 million security budget. But even it was not impervious to attack.
In a 2014 JPMorgan data breach, hackers stole an employee’s login credentials after the bank's security team neglected to upgrade one of its network servers with dual-factor authentication protocol. Hackers gained access to more than 90 bank servers, compromising 83 million customers.
That same year, in the Fidelity National Financial breach, an email phishing attack gave hackers access to employee email accounts containing highly sensitive information.
The silver lining of these two breaches affecting the financial services industry is that you can learn from them and reduce your own risk. Let’s take a look at the best defenses for your credit union.
First, employee training is a must. Both of these breaches started with unsuspecting employees.
Hackers are like robbers: they case the joint before starting a heist. Protect your credit union by educating your employees on things like spotting phishing emails, ignoring suspicious links, and not posting personal information on social media.
To address a hacker who is scanning your network, use an intrusion detection and prevention system to analyze complex network traffic in real-time and proactively block malicious internal traffic and sophisticated attacks. If hackers are disrupted, they’re more likely to move to other weaker targets.
Next, look at the attacker's delivery method. Use anti-virus/anti-spam protection to block known viruses and unwanted emails.
Fidelity National would likely not have been impacted if that phishing email had never made it to the end user.
Other email protection like email data loss prevention will block, quarantine, or automatically encrypt sensitive, inappropriate, and risky messages. Sandboxing solutions, like targeted attack protection, stop targeted attacks, spear-phishing, and advanced zero-day exploits without relying on anti-virus signatures.
For URLs that deliver malware, a strong managed firewall service will help, especially one that uses security event and information management (SEIM) technology to prevent sophisticated threats that are difficult for in-house teams to detect.
A managed security service provider (MSSP) can incorporate data from a breach, like that of JPMorgan, with SEIM to detect related activities for their customers and systematically correlate all security events across their customer base.
From JPMorgan and Fidelity to a community credit union, financial institutions of all sizes face the same data security threats. Automated security controls can reduce your risk, and analytics and intelligence can empower security experts to make good risk management decisions.
A third-party MSSP will help you better secure your infrastructure, as well as your critical communications and messaging services.
By investing intelligently, you can protect against the threat of costly breaches, reduce your risk of loss or theft of data, and preserve your brand and reputation—all of which can result in a healthier bottom line.