As 2016 winds down it is time to start looking ahead to 2017. Recently, Experian, a leading global information systems company, released its 2017 Data Breach Industry Forecast. Below we summarize five upcoming trends from the report that companies should be aware of for 2017.
Like any corporation, credit unions rely on a number of other businesses for materials, support, maintenance and more. Outsourcing these other activities allows credit unions to keep their costs efficient and their resources focused on their core banking functions instead. Because more and more credit unions are out-sourcing activities, the National Credit Union Association (NCUA) has outlined requirements for managing third party relationships.
Detailed under NCUA Letter 07-CU-13, credit unions have to ensure an active balance between seeking efficiencies for improved operations and customer experience versus controlling and preventing risks. The regulations don’t stop outsourcing per se; credit unions can still maintain their contract support just as before. However, the governance of these activities and controls cannot be delegated to a third party. Instead, under the NCUA Letter’s definitions, credit union management has to always be in charge and overseeing all activities. The given credit union also has to be directly in control of its security as well at all phases of financial transactions and operations.
Topics: Financial Institutions
Topics: Financial Institutions
Tesco Bank, a Scotland-based bank and subsidiary of U.K. supermarket giant Tesco, recently blocked all online transactions tied to customers' checking accounts after money was stolen from an estimated 20,000 of those accounts and the bank detected suspicious activity involving another 20,000 accounts, according to CEO Benny Higgins.
On November 9, 2016, the Bank reported that nearly $3 million dollars was stolen from affected accounts, which are operated through an app or online. Customers have reported that sums have been transferred to Spain and Brazil. The Bank said is it first saw signs of fraud on the evening of Nov. 5. Some Tesco customers, taking to the bank's customer service website, have reported that their accounts were unexpectedly drained over the weekend. Others have reported difficulty in being able to connect with telephone-based Tesco call center staff. The Bank has stated that it will refund all accounts for every customer affected by the breach.
If you follow the news cyber-attacks are covered on an almost daily basis. Whether the victim is a mega chain store like Target, an international banking corporation like Chase, or a small-time local main street business, cyber-attacks are now commonplace. All organizations, including non profits, must now consider cyber risk about its governance. Why would non-profits be a viable target? Follow the money. There is no question that non-profits attract financial transactions, and for good reason. These organizations represent the funneling of help and support so that it can be focused into combined efforts toward a beneficial public cause. However, all of that transaction information can be a gold mine for a hacker as well. Donor files, employee files, and credit card information all valuable information to a hacker. The damage of a cyber-attack can be two-fold. Financially the costs of responding and recovering the data lost combined with the loss of potential donor funds represent significant risks to achieving the organizations objectives. In addition, now that the organizations security and that of its donors has been compromised, so to is its reputation.
Each year during tax season, there always seems to be a new data breach or phishing scheme that reminds us how important cybersecurity is to all of us and our Organizations. It’s important to understand the risks associated with these data breaches and some best practices to protect your Organization from further damage.
Regardless of the focus of your not-for-profit, technology is now a part of everyday life and business. And if you collect donations as most not-for-profits do, you probably are collecting and storing, in some capacity, sensitive information that hackers may find very valuable in an attack (such as names, addresses, credit card information, etc.).
Listen to any IT expert when he or she is talking about a cyber-attack and the typical response will be– It’s not a matter of “if”, but “when”.
Symantec, a global internet security company, just released its 2016 Internet Security Threat Report, and the attack trends continue to back up the above statement. Here are some key areas noted in the Report:
BankInfoSecurity's webinar last week titled "State of the Hack" had telling insights into the world of cybersecurity and how the industry is forecasted to change in the coming year.
Protected Identifiable Information
Over the last year, hackers have shifted their focus away from credit card data and toward obtaining personal identifiable information (PII). While major retail hacks dropped over the course of 2015, PII became more vulnerable in large organizations such as the FBI, Trump Hotels, and T-Mobile. Which brings about the biggest concern for 2016 - protecting PII.
But what is Personal Identifiable Information? PII is classified as any information that is personal in nature, social security number, date of birth, previous employers and addresses, or drivers license numbers. This information generally does not change or is extremely difficult to change and as a result, is valuable in the hands of those with malicious intent. With the large numbers of credit and debit cards stolen every year, banks have responded with EMV technology that makes them more difficult to copy. The same cannot be said for PII.
No joke, the headline for this article is factual, correct and happening right now. Experts in the malware field have identified a new hybrid malware known as GozNym which is attacking American and Canadian bank accounts. Spawned from the coding and traits of two previous problem packages, Nymaim and Gozi, this latest virus creation has already been used to steal $4 million.