Anyone involved in the financial services industry knows the importance of cybersecurity, but the recently revealed Carbanak data breach that affected 100 banks around the globe demonstrated how ineffective cybersecurity systems were at many financial institutions. This should provide a warning for credit union executives. While the most publicized digital attacks strike the biggest movers in the financial world, no organization is safe from computer breaches.
An attack that rocked the financial world
Kaspersky Labs discovered the Carbanak cyberattack and revealed its findings on Feb. 16, 2015. Since then, more details about the hack have flooded the Internet, and it has become increasingly clear that this attack was not particularly sophisticated or unique.
The Carbanak cybercriminal gang behind the attack used phishing strategies to enter financial institutions' IT systems. Phishing attacks are common, and involve emails that appear to be from a legitimate source. Victims mistake this email for an official communication, and supply their personal login information to the criminals or surreptitiously install dangerous software on their computers. The hackers targeted over 100 banks with these emails, and the group used the information it obtained to extract approximately $1 billion over two years.
Lessons for credit unions
While the amount of money stolen by this group is staggering, the attacks were relatively unremarkable. People are targeted by phishing scams every day, though it's rare for hackers to parlay those attacks into heists on this scale. This story demonstrates the pressing need for improved employee education, which can help defend against phishing and other hacking efforts.
A credit union's staff provides the first line of defense against cybercriminals. These are the individuals who can recognize a phishing email or note irregular account activity. Many cyberattacks require some degree of employee cooperation that provides the hackers access to internal systems. By training employees to identify hackers' methods, a credit union can better protect itself from all but the most tenacious hackers.
Cybercrime will be an unfortunate part of life for any financial service provider, and credit unions are no different. Because credit unions are generally smaller than banks, they may be hit harder by a digital attack. The most recent data from the Credit Union National Association reported the average credit union held $148.8 million in assets, while banks had $2.19 billion on average. Investing in education and security measures before an attack hits could help a credit union avoid an expensive recovery.