It looks like Russian hackers are back at it. Due to this threat, NCUA and several federal agencies have issued cybersecurity alerts for financial institutions. During the pandemic, financial institutions discovered that the ability for employees to work remotely and securely is essential.
Financial institutions should therefore be more prepared for potential hacks, given the new security infrastructure many have invested in. While some smaller credit unions don't have the same resources as larger institutions to harden their infrastructure, that doesn't mean they haven't improved. By following cybersecurity best practices, smaller institutions are also better prepared for potential attacks.
On February 1, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a cybersecurity alert, which we've posted below:
"The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has recently issued two alerts addressing risks from Russian State-Sponsored cyber threats and highlighting recent malicious cyber incidents suffered by public and private entities in Ukraine.
Given current geopolitical events, the National Credit Union Administration (NCUA), along with CISA, the Federal Bureau of Investigation, and the National Security Agency encourage credit unions and their cybersecurity teams nationwide to adopt a heightened state of awareness and to conduct proactive threat hunting. In addition, COVID-related supply chain disruptions may require management to reevaluate previously held assumptions for business continuity and disaster recovery plans.
Credit union leadership should be aware of critical cyber risks and take urgent steps to reduce the likelihood and impact of a potentially damaging compromise.
We highly encourage you to review the two CISA issuances and act on the applicable recommendations. It is crucial that your organization does its part to improve its resilience, reducing the risk of compromise or severe business degradation."
Knowing that a real threat is current, it's a great time for financial institutions to go over their cybersecurity best practices and preparedness.
Federally insured credit unions can evaluate their security posture using NCUA's Automated Cybersecurity Evaluation Toolbox (ACET).