Staff education is critical to financial institutions'cybersecurity efforts, as the most common way hackers break into anetwork is to steal valid login credentials, according to NickRoberts, technical research and marketing managerfor DefenseStorm.

Adding to the cybersecurity challenge? Some 93% of phishingemails include ransomware.

The bulk of attacks come from hackers in China, Russia, NorthKorea and Ukraine, Roberts said.

The most common type of attacks include phishing, a major sourceof consternation and difficulty for firms, Roberts said, andmalware, which is still another popular attack sector.

Join us at the new Credit Union Times Fraud:Don't Let It Happen To Your Credit UnionConference, whereyou will find the latest tools and techniques for preventing fraudand data breaches; strategies for responding in the immediateaftermath and best practices for restoring reputation, financialstability and information security . This two-day conferenceis designed for credit union executives, board of directors andthose responsible for your credit unions cyber securitypolicy. Registerto attend and save $150.

Outdated machines

Misconfigured and outdated machines are also a threat.

“Obviously, updating machines and making sure they're runningthe most recent version of software is important, but hackers alsounderstand they can build a database of machines that are outdatedand misconfigured,” Roberts said. “If you're not updating thosemachines or you're not configuring them properly, they're going tobe exploited.”

Michael Oldright, security engineer at DefenseStorm, suggestedfirms with limited resources to devote to updating their technologyinfrastructure segregate outdated systems on a virtual LAN ornetwork segment. Whitelisting can also help identify specificsystems that have been tested and are known to be safe.

Microsoft's Enhanced Mitigation ExperienceToolkit disables buffer overflow attacks, Oldright suggested,“but it can be kind of difficult to implement. You have to do a lotof testing [and] it can cause some problems for applications.”

Firms may also need to limit internet access on outdatedmachines, and increase patch updates and logging frequency, hesaid.

Hackers scannetworks for vulnerabilities

Attacks don't need to be sophisticated, Roberts said. Aso-called zero-day attack is when a hacker exploits a previouslyunknown hole in a target's software before the vendor can fixit.

“We don't need a complicated zero-day to get access to thenetwork or to get access to your bank,” he said. “In fact, evenjust physical access is easy still; getting access to a financialinstitution and walking in by impersonating a repairman.”

Some small financial institutions may feel like their sizeprotects them from hackers, but Roberts said “that is categoricallyuntrue.” Hackers are scanning networks for vulnerabilities,regardless of where they are located or how many assets they canpotentially access.

Traditionally, firms used signature-detection tools, such asantivirus and antimalware tools, threat matching, block lists,intrusion defense and prevention systems, and reputation-basedsignature detection to identify threats.

These tools rely on events that have already happened and beenreported to block threats, and on their own are inadequate.

“Today's landscape requires much more than a signature-basedapproach to detection,” Roberts said. “The effectiveness ofthese signature-based detection methods depends on how often thecybercriminal is evolving their approach from something that isknown to unknown.”

New toolsfor detection

New tools for detection include anomalous activity detection,which builds a baseline of user activity and looks for eventsoutside of normal activity.

For example, say an employee who typically works from 8 to 5appears to log in to the network at 3 a.m.

Roberts said, “Why is Steve logged in at 3 in the morning? Doessomebody have access to his credentials or is Steve logged in at 3in the morning because he's at the office downloading files to aUSB drive because he's stealing data from the network?”

Daily tasks should include reviewing activity for new incidentsand abnormal data flows, Oldright suggested. Firms need a way toquickly escalate issues when they're identified.

After finding a threat, firms should block the IP address on thefirewall and isolate the host, but this is also a good time toeducate users, Oldright said.

Steps forprevention

Steps for prevention include internal penetration tests,restricting access to certain administrators, and monitoring guestand wireless networks. Firms should have the same policies that goon their production networks on guest networks and monitor them forbreaches, Oldright said.

Firms should also audit user logins and service accounts todelete accounts from former or temporary workers, including anytest or demo accounts that may have been set up for newsoftware.

Finally, firms should conduct regular scans forvulnerabilities.

“If you haven't already done so, you want to implement avulnerability management program,” Oldright said, suchas Nessus or Pwnie Express. He recommendedconducting weekly scans and downloading patches as they becomeavailable.

Join us at the new Credit Union Times Fraud:Don't Let It Happen To Your Credit UnionConference, whereyou will find the latest tools and techniques for preventing fraudand data breaches; strategies for responding in the immediateaftermath and best practices for restoring reputation, financialstability and information security . This two-day conferenceis designed for credit union executives, board of directors andthose responsible for your credit unions cyber securitypolicy. Registerto attend and save $150.