Credit unions and other financial institutions are dealing with multiple information technology (IT) security threats.
One of the most dangerous is “spearphishing,” says Wes Withrow, cybersecurity expert at TraceSecurity, a CUNA Strategic Services alliance provider.
“Unlike mass-produced attacks, these are more targeted and customized,” he says. “Hackers previously played the odds by sending millions of emails hoping someone would bite. Spearphishing attacks are more sophisticated. They mention something familiar to you then invite you to download familiar file types like PDFs, which actually turn out to be executable files that place malicious software on your computer. This allows the hacker to do things like monitor keystrokes.”
Hackers already have attacked most of the big banks, Withrow says, so credit unions are next in line. “Fortunately, many credit unions are better prepared in terms of IT security than banks were, although they’re still vulnerable.”
He estimates that 60% to 70% of credit unions have some IT security measures in place, but all of them need improvement.
TraceSecurity focuses exclusively on IT security.
“We’d rather focus on and do one thing well than try to cover all forms of enterprise risk management,” Withrow says. “It helps people trust us, and that we’re not trying to sell them solutions that are outside our realm of expertise.”
The company’s IT governance risk and compliance solution is called TraceCSO—your cloud security officer.
“It contains all the necessary processes and work flow needed to support an effective IT security program,” Withrow says. “Credit unions want to get started quickly and not have to buy and install new hardware and software, or hire new people. Our cloudbased software has different functional areas, including one that conducts a thorough risk assessment of a credit union’s IT ecosystem, looking for risks that could be exploited by things like spearphishing attacks.”
TraceCSO also provides policy and procedure templates, as well as a repository of legal and regulatory documents that allow credit unions to better understand how their information security efforts align with compliance mandates, Withrow explains.
TraceCSO’s network vulnerability scanning tools have access to a database of vulnerabilities that are updated daily. “Currently there are over 35,000 identified vulnerabilities,” Withrow says, “which makes us both a proactive and reactive provider: We can help you prevent new attacks and enable you to respond to current ones.”
Implementation is quick—typically a credit union can be up and running on it in one or two days. “There’s still a learning curve, but within the first week a credit union can get their security program started,” he says.