Quantcast
Friday, October 31, 2014
Technology

Cybercriminals Homing Into Small CUs With DDoS Attacks: NCUA

MAY 15, 2014 3:09pm ET
Print
Email
Reprints
Comment
Twitter
LinkedIn
Facebook
Google+

DETROIT Though NCUA has not focused much attention on cybersecurity at small credit unions, these institutions are no longer off the radar for criminals and hackers who are now homing in with distributed denial of service otherwise known as DDoS attacks.

"They've begun to look at [small] credit unions, and if you're not sophisticated, they will try to attack you," said Larry Schoeberl, an NCUA supervisory analyst at the Annual Conference of the National Federation of Community Development Credit Unions here on Thursday.

And while NCUA has made cybersecurity risk an area of focus for 2014, the agency will not be requiring any particular certifications to ensure that credit unions meet specific security standards.

Schoeberl said that rather than look for specific certification, the regulator will ask CUs to show contracts and other measures they have taken to ensure vendor due diligence in these areas.

Vendor due diligence will also protect members against card breaches, according to Schoeberl, adding that the agency will be looking for strong password processes, along with proper patch management, network monitoring and more.

He noted that despite the fact that small CUs ($50 million in assets or less) constitute a tiny portion of the overall asset value within the credit union community, they occupy 40% of the agency's time.

They also represent less than 25% of total losses, though the number of small credit unions has shrunk by nearly 50% in the last decade, from nearly 8,000 to about 4,400 today, Schoeberl said.

Small CUs must be aware of the risks around members engaged in money-services businesses such as check cashing, currency dealerships and others, he added.

That includes being aware not only of reputational risks, but also being cognizant of the possibility of money laundering or the fact that high levels of transactions could be covering up illegal activity.

NCUA examiners will look to determine whether credit unions have identified all MSB members and conducted risk assessments for those members to determine risk levels and when enhanced due diligence may be necessary, according to Schoeberl.

JOIN THE DISCUSSION

SEE MORE IN

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.
Nov 19 - 21 | 19th Annual Small Business Banking Conference

Trump National Doral
Miami, FL
More Info

Apr 08 - 10 | Card Forum & Expo

Chicago Downtown Marriott
Chicago, IL
More Info

Already a subscriber? Log in here
Please note you must now log in with your email address and password.