The Credit Union Cybercrime Crisis
Hackers love credit unions.
Every Business is Vulnerable to Hackers, But Credit Unions are More Vulnerable Than Most
Most credit unions are smaller than banks. Therefore, they have fewer resources. Their cybersecurity budgets are smaller. Their in-house IT staff is smaller. They don’t have the latest training to safeguard credit unions against cyberthreats. That forces them to depend more on outsourcing their security needs.
Sometimes, like the credit union in this article, they don’t believe they’ve been hacked even when they’ve been informed. How many credit unions are being slowly bled of cash, and they don’t even realize it? In that case, the hackers set up a back door and apparently used the site for spamming. They were able to access the credit union’s site through Akeeba Backup, an out-of-date component of Joomla. However, even many ordinary users of WordPress know that keeping it and all plugins up-to-date is critical for security. Shouldn’t IT staff responsible for the money of a credit union with 60,000 customers keep all its components up to date? That illustrates how credit unions are vulnerable.
Credit unions, like banks, have money to steal. Like the bank robber Willie Sutton, criminal hackers go where the money is. And they also have plenty of sensitive, personal, and valuable, information on their customers.
Last year, Chinese hackers stole money from the account of a credit union, according to Fox 4 KC.
Credit union customers expect and demand the same online services the banks provide. They want to bank and pay bills online. They want to see their financial statements on their mobile devices.
For hackers who want to grab money by the handful, or the personal identifying information of many customers of financial institutions, credit unions are the low-hanging fruit.
A credit union was the target of the largest breach of personal data in United States history, according to CBS News.
This Slideshare explains the risks for credit unions well.
A Breach Can Cost a Lot More Than Prevention
IBM has been sponsoring regular cost of data breach studies to determine how much they are costing the victim organizations. The Ponemon Institute carries out the studies independently.
They recently released the 11th Cost of Data Breach Study. Ponemon interviewed IT security experts in 383 organizations in 12 countries about the result of actual data loss incidents. The report found the cost of a data breach has gone from $3.8 million to $4 million. Broken down, that’s a cost per lost or stolen record that went up from $154 to $158.
The global study determined the odds of a particular enterprise suffering a breach that affects at least 10,000 lost or stolen records within the next 2 years at 26%. That’s just over 1 chance in 4. And that’s for all organizations, including larger businesses in less attractive industries.
A Public Relations Nightmare
If you discover a breach, you must hire professionals to track and detect the amount of the damage. The forensics, legal actions, regulatory reports and letting your customers know accounts for 59% of the cost of the breach. You must also set up hotlines and help your members monitor their credit reports.
How much money will you lose when the word gets out, and your customers close their accounts?
The Sooner You Discover the Breach, the Better
The Ponemon study also concluded that the longer data breaches continue before someone discovers and fixes them, the more expensive they are.
Breaches discovered within 100 days cost $3.23 million. Breaches not discovered for over 100 days cost $4.38 million. Even so, most breaches were not discovered for over 200 days, and took 70 days to contain.
Credit unions can visit IBM’s Data Breach Risk Calculator to evaluate their risk.
Contact the Art + Design Media Research Laboratory for other ways of exploring how technology is changing the world around us. It makes possible not only the cybercrime threatening credit unions, but also enables beautiful and function design.