CUinDenver: What’s the dirtiest word in business today?

July 14, 2015

Jim Stickley

Above: Jim Stickley, a cybersecurity expert, tells credit unions they can spend hundreds of thousands of dollars on security products and it just takes one employee’s inadvertent mistake to bypass it all. (CUNA Photo)

DENVER (7/14/15)--The biggest “F” word in business today, according to Jim Stickley, a renowned security expert, is “fraud,” and criminals are gaining ground.

Stickley, who is CEO of Stickley on Security and a co-founder and board member of TraceSecurity Inc., presented a breakout session Monday at the collaborative America’s Credit Union Conference and World Council of Credit Unions Conference here. It was called “Fraud--The New ‘F-Word.’”

Stickley noted that criminals are waging a war against corporations, financial institutions--credit unions included--and even government agencies. The attacks range in form from cyberattacks to social engineering; the latter is intrusion by hackers that often involves tricking people into breaking normal security protocols to open a window of opportunity for information theft.

He gave his international credit union audience an opportunity to see the techniques criminals are using to infiltrate real businesses--gaining access to networks, while avoiding detection as they grab the information they need to commit their intended fraud.

“Be prepared to be scared,” was the introduction to his session.

Stickley highlighted an ongoing threat known as “Carbanak,” which he said “has fallen out of favor with the media but has not fallen out of favor with criminals.” Since Carbanak started in 2013, more than 100 financial institutions have been compromised in 25 countries, and an estimated $1 billion has been stolen through the schemers' malware.

Stickley’s description of the fraud scheme helped underscore his point that one of a financial institution’s biggest vulnerabilities to cyberattacks is its unwitting employees. Schemes like Carbanak send carefully researched and craftily created legitimate-looking emails to employees to get them to open a document that allows malware to enter a financial institution’s system.

Remember, Stickley said, that a credit union can spend hundreds of thousands of dollars on security products and it just takes one employee mistake to bypass it all. He advised that while cybercriminals are sophisticated and patient, they also go for the “low-hanging fruit” of vulnerability--so a credit union should do all it can to have stronger security than the next company.

Education is the cornerstone to security, the SOS CEO advised: Make sure your financial institution begins to budget for security education for all levels of employees--management, executives, board members, third-party vendors--as well as members.

“You need year-round education,” Stickley suggested, saying cybercrimes evolve so quickly that once-a-year training does not suffice. He also reminded the audience that education is not the same as awareness: “That’s what is happening every day.”
