Last year we saw a continuing upward trajectory for cyber-attacks and incidents, many of which the targeted victims are still trying to learn and recover from. With the persistence of cyber threats, growing concerns, and increased regulatory scrutiny, BTG recommends credit unions put plans into action to address the following cybersecurity priorities.
AI and Deepfakes
We expect an increase in sophisticated social engineering attacks in which cyber criminals use generative AI tools to create convincing emails, execute phone calls, and communicate other spoofed content. Social engineering is seen as the first attack, tricking targets into inadvertently sharing sensitive information or access, which can then lead to ransomware attacks or data compromise. Information security awareness training and comprehensive social engineering testing should be completed more frequently and should include both employees and Board members.
Third Party and Vendor Cyberattacks
One of the biggest cyberattacks occurred in 2023 and involved a third-party software vendor; it compromised the data of more than 2,000 organizations and affected more than 62 million people globally. In 2024, cyber criminals will continue to find and exploit vulnerabilities within suppliers and software vendors. Oversight of third-party relationships should be enhanced to ensure that vendors with access to sensitive data have cybersecurity and vulnerability testing programs in place and routinely provide the results of that testing to the credit union.
Vulnerabilities in Network Infrastructure
Cyber criminals are aware of known vulnerabilities that can be exploited within commonly used software and systems, including cloud services and VPN solutions. In fact, many hackers may run the same network scanning and audit tools to identify vulnerabilities before their targets realize there is a problem. Credit unions should run more frequent vulnerability scans and penetration tests to identify and resolve weaknesses in critical network systems and solutions before cyber criminals can exploit them!
Geopolitical Tensions Contributing to Cyberattacks
We predict an increase in disruptive attacks on critical industries due to geopolitical tensions with Russia and China, including an increase in misinformation and influence campaigns resulting from the war in Israel and Gaza. Credit unions should ensure there are clear responsibilities and requirements in place while implementing and managing a cyber threat intelligence program, which is key in identifying and planning for potential disruptions and cyberattacks within the industry.
These are just a few of the cybersecurity priorities in 2024, and we encourage credit unions to contact BTG with any additional questions or concerns that your organization may have in planning and managing your cybersecurity and resiliency program. Contact Elisabeth N. Esposito, VP of Professional Services, at eesposito@buckleytechgroup.com for more information on BTG services and solutions that can help mitigate cybersecurity threats and concerns, including Information Security Awareness Training presentations, Social Engineering Tests, Vendor Management software and managed solutions, Network Vulnerability and Penetration Testing, and Cybersecurity Program development.