#1 Privileged Access will become critical to securing the Internet of Things (IoT)!
We tend to hype certain things when they are new and interesting. Take, for example, the Internet of Things. It’s nothing new and has been around ever since computers became connected with all things and its ability to create security risk is huge.
What has changed are the type of functions of the devices that get connected; the tasks they carry out. Whereas in the past it was computers that had the ability to be programmed or changed to carry out different functions. Whether it be a web application or some type of financial application, today’s devices and hardware are carrying out more specific functions, more targeted, simple tasks, and opening more RISK for Credit Unions!
#2 Ransomware is set to cause even more sleepless nights!
Ransomware is getting more sophisticated. It is evading even the most advanced email security solutions and creating more devastating consequences. What’s more, current security solutions start detecting ransomware attacks only hours after they are executed which is often more than enough time for the damage to be done. The only defense is an effective offense, meaning near real-time data deduplication off site is a must. This typically requires a project consuming time, money, and resources or partnering to outsource this function with someone that truly understands Financial Technical Requirements that Credit Unions must comply with and mitigate against.
#3 The risk associated with phishing attacks will be security executives’ top concern!
We hear it all the time. Security professionals from across the board are looking for solutions to solve the growing risk of phishing attacks. A year ago, malware was generally perceived to be the greatest threat facing businesses. As we enter 2020, phishing attacks are the main concern.
Today, many Credit Unions look to enhance their email security with the goal of blocking phishing attacks before they infiltrate the perimeter. The bad guys can buy “Phishing Kits” which are available on the dark web, along with lists of compromised credentials for targeted attacks, meaning that the volume and sophistication of phishing attacks will increase too. Data breaches for financial fraud by a phishing attack can have dire consequences for Credit Unions of all sizes. To put this into perspective, according to Verizon 2019 DBIR, phishing is the number one cause of ALL data breaches.
#4 The urgency of detecting threats immediately will rise!
Once a threat is delivered, the clock starts ticking. It takes hours and most often days for data-driven security solutions to detect never-before-seen threats. Credit Unions are going to be increasingly less tolerant of this latency period.
The timeframe in which attacks have the most devastating impact on their victims is from the moment the malicious payload is released until detection by security solutions. Since it often takes a few hours (or sometimes much longer) for even the most sophisticated security solutions to detect new, never-before-seen attacks, the threat and severity of a successful hack is typically determined within the first few hours. An effective, fully curated Security Information Event Management (SIEM) system will be imperative along with an effective perimeter security intelligence to block attacks coupled with an Intrusion Prevision System (IPS).
#5 Known exploits and existing vulnerabilities will be used by hackers!
Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals, yet a lack of rigor in security practices and the lack of patching systems will leave Credit Unions vulnerable. Credit Unions must pay attention to the vulnerabilities and patch the systems and applications in a timely matter to avoid the imminent threat of being an easy target. Simply put, this should be mandated by any Cybersecurity Program or IT Management oversight staff or committee a Credit Union has in place.