Why Are Cyber Threats Becoming More Prevalent?

security

security

Ryan McEndarfer, Editor-in-chief at PaymentsJournal.com

Certainly glad to have you here and as we talk about cybersecurity, so one of the things I wanted to bring up is that one in three Americans experiences fraud or information theft every year.

So, why are cyber threats becoming more prevalent?

Paul Love, Chief Information Security Officer CO-OP Financial Services

Consumers are using more and more technology and as it becomes more and more part of our lives, hackers have more opportunities to infiltrate right? So the more we use it the more that it controls every aspect of our life. The hackers are finding new ways. So as there’s more opportunity, there’s more opportunity for the hackers to break in. Part of the problem is that there’s vulnerabilities on the part of the companies that are deploying these technologies as well as the ones that are maintaining the information. So that’s why we’re seeing more instances of data breaches. And one of the primary reasons is companies aren’t implementing the cybersecurity protocols and hackers are taking advantage of those weaknesses and so as technology moves very, very quickly organizations typically aren’t able to [keep up with] the changes as well.

Another part of the problem is that consumers themselves are not keeping their data safe, and they’re treating cybersecurity as they would any physical security threat. But it’s far more sophisticated, right? Once the data is out there it continues to be put out there more and more.

Finally, hackers themselves are becoming more sophisticated. It’s not like in the 80s and 90s where you had, you know, somebody just running a standard script and it was very difficult in some cases to do things. Or you know someone created a script and it was very easy to do. Hackers are getting much more organized. It’s not just individuals or small teams.  It’s actually large organizations or you see, in some cases, some hackers are specializing in specific areas and becoming very, very good. For instance, they’re using AI and a lot of really in-depth complex hacking tools to target companies as well as individuals.

Ryan McEndarfer, Editor-in-chief at PaymentsJournal.com

Great, thank you for that. I do kind of see it as three large kinds of components here: You’ve got obviously the fraudsters, you’ve got the consumers and then you’ve also got the financial institutions themselves there. Recently we’ve seen a lot of large-scale fraud examples that have come out in the news but talking about one of the things that we might be able to possibly control a little bit better is from the consumer aspect: their own personal data and information.

So from your standpoint, how is it that credit union members, in particular, can help protect themselves against future attacks?

Paul Love, Chief Information Security Officer CO-OP Financial Services

Sure. So there’s been a lot of very, very large data breaches. In fact, there was one recently that you know, many people probably heard about. Last year you had another major one and these are becoming more and more common. So typically we won’t understand why these breaches occurred, but you know, we continue to hope that businesses are investing more in protecting information. But with that said there are a number of steps consumers can take to help protect themselves. So, for instance, using different passwords for different sites, right? Don’t use the same password across all the different sites you go to like your banking and your credit union sites and your social media. Really try to use different passwords for all the different places you go to. Installing a trustworthy antivirus tool or firewall on your computer and that’s whether you’re using a Macintosh or a Windows computer, right because they both have their weaknesses and having these tools are just very good [data] hygiene. If you are impacted by a data breach, check credit report to see if any unauthorized accounts were open. But as a pre-emptive measure actually now the credit freezes are free putting a credit freeze in with the four credit bureaus is a really a very, very good way to help protect yourself and the Federal Trade Commission has some direction on how to do that. If you look at credit freeze and go to the ftc.gov website, you’ll see very specific directions on what a credit freeze is and how it helps you.

And then also one of the most important things and this is it seems very basic but it’s a very good way to protect yourself is don’t open or click on suspicious emails. It seems very obvious but it’s a very common thing that does happen. So, you know, you almost want to think of every email you receive is someone coming to your home and knocking at your door, right? You wouldn’t open your door to any random stranger or open up a package from a random stranger that came to your house that was unexpected. You’d apply a little bit of common sense to that and doing the same with your email is really important to protecting yourself and your family.

Ryan McEndarfer, Editor-in-chief at PaymentsJournal.com

Excellent. So I think what you’re getting at there is that that Nigerian Prince that keeps reaching out to me doesn’t actually have any money to send me. But I’d like to bring that up though because as you pointed out a little earlier, it’s fraudsters that are getting more clever. They’re getting smarter. So yes, it may not be the Nigerian Prince email but they’re doing things that are more sophisticated but almost kind of in that same vein of: “I just need them to get them to click here or do this particular action to make them make them vulnerable to it”. And if I could shift gears here, speaking about how companies are making investments in security in that nature, I know also CO-OP Financial Services has been making some big investments [in cyber security] particularly in their machine learning and AI tool called COOPER. So what I’d like to learn from you then is:

what is it that credit unions themselves can do to help protect their members’ data and financial information?

Paul Love, Chief Information Security Officer CO-OP Financial Services

Making cybersecurity a top priority, and one that everybody in the organization is invested in. Security is not just your information security team or the one individual assigned to security, but it’s really a part of everybody’s job and everyone’s responsibility. Part of that is investing in the right tools and partners and working with partners to help ensure your data is protected. But one of the key things is having your employees really feel like security is part of their job. Educating them on what they need to do and how they need to protect themselves. But also when to report things, ensuring that your employees are aware of and actively practicing good cyber hygiene. So not just being aware but not clicking on links and downloading software from unapproved sites, or not giving out information over the phone without really making sure that they understand who was on the other side. Be mindful of the data you share with your partner’s threw open APIs, that’s a key point of infiltration for hackers. And then involve your members in the fight, talk to them about cybersecurity best practices and encouraging them to work with you. For instance tools like CO-OP’s card and absolution, help put security in members hands by allowing them to set up fraud alerts and to manage their accounts from anywhere.

And then the last thing I would add is preparing for incidents for if a hacker does gain access to your information or your credit union: have a plan in place before the actual incident happens? There are a lot of famous quotes but I think one was from the FBI that said: “if you don’t know that you’ve been hacked you probably you have already.” So really make sure that you understand how you would react and have the right people identified to be prepared to react so that you can really minimize the damage and reduce the impact to your organization into your members. And with that solid plan, you’re able to really be able to move forward from a potential incident.

Ryan McEndarfer, Editor-in-chief at PaymentsJournal.com

Right. Any time that we’re speaking about the education aspect of it in terms of making sure that employees and everybody involved is kind of aware of these different security risks and the do’s and don’ts that are out there, I always get this visualization of a Far Side comic where you have a boxing ring and the announcers say “In this corner, we have the most sophisticated, fraud machine learning tool that’s ever been created. And in this corner, we have Bob. And Bob is supposed to be that guy that’s just like he’s clicking on everything and so you think: we can have the best tools in the world but if you have unfortunately an employee who just is going to open you up to risk, you know, sometimes that’s not good.

Paul Love, Chief Information Security Officer CO-OP Financial Services

And that’s very true. Actually. I mean your employees are your frontline and they are the ones who can make or break your security program. So ensuring that they’re educated and are not afraid to report things that seem unusual is really, really important in developing a good relationship between the security program and the employees.

Ryan McEndarfer, Editor-in-chief at PaymentsJournal.com

So as we take a look at your cybersecurity in general and fraud as well, you know, we kind of look forward into the next five to ten years and this is just an ever-changing evolving thing, between the cat and mouse game that financial institutions are always playing with fraudsters here.

What are your predictions for those next two, five to ten years as we take a look forward?

Paul Love, Chief Information Security Officer CO-OP Financial Services

Yeah, one of them is fairly easy. I’m very confident that we’re going to continue to see an increase in fraud and data breaches, as payments continue to shift towards mobile and other digital channels. Fraud is going to continue to increase and attackers are going to continue to attack and become more organized and more sophisticated, especially as organizations develop their security protocols.

We’re seeing we are seeing some progress in privacy and data protection laws with the European Union just general data protection regulation GDPR as well as the forthcoming California consumer Privacy Act the CCPA that’s coming around January 2020. But there’s still a long way to go especially in the legislative front to help consumers have more control over their data. So you’re going to see where the control of how data is used, how its managed shift more focus to the actual individual that the information is about rather than giving company’s full latitude.

We’re also going to continue to encounter new and more sophisticated hacking. There’s going to be things five years from now that nobody thought of that or is going to surprise everyone. Hackers are very Innovative in how they look at things. As an information security professional, in our field, we have to continuously try to be in front of them as well as our fraud teams as well. We need to be in front of the different new types of things that we’re going to see. But the best way to combat fraud is fighting fire with fire. And that’s one of the reasons CO-OP is investing in AI technology to help fight fraud. For instance, COOPER as you’ve mentioned which is launching in early 2019 is going to help credit unions detect and fight fraud faster than ever while providing a 360-degree view of the member. So tools like that are really going to help credit unions stay in front of some of the things that we see in the fraud and security range.

 

Learn more about COOPER and other fraud mitigation tools available through CO-OP by visiting: https://www.co-opfs.org/Solutions/Growth-Retention/Fraud-Mitigation

Exit mobile version