Credit union leaders participated last week in a simulated ransomware attack both at Credit Union House in Washington, D.C. and remotely. CUNA joined with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and ManTech, a provider of cybersecurity solutions, to conduct the session.
“The idea of the exercise was to facilitate a realistic, ‘live-fire’ cyber-attack against a simulated financial institution. The participants were tasked with detecting, responding to and defending against the attack,” said Lance Noggle, CUNA senior director of advocacy for payments and cybersecurity. “We had experts on hand to answer questions and explain various aspects of the scenario, and hopefully everyone walked away with an idea of what it feels like, and how to defend, against an attack like this, which has the potential to shut businesses down and cost lots of money.”
Ransomware attacks use a form of malicious software to encrypt an entity’s files or computers, and then demanding a ransom from the affected entity to remove the encryption. It incorporates elements of phishing, in which bogus emails are sent to individuals within the company, and when one is clicked the hacker can gain access to the company’s network.
According to ZDNET, the average ransom demanded by hackers during such attacks has almost doubled in 2019, from an average of $6,733 paid per incident in the final quarter of 2018 to an average of $12,762 in the first quarter of 2019. The average attack time has also grown in that period, from 6.2 days in 2018 to 7.3 days in 2019.
In addition to equipping credit unions with the skills and tools to keep their institutions safe from cyber threats, cybersecurity remains a priority for CUNA, with advocates engaging lawmakers across the government to enact strong data security legislation.