Cybersecurity: Don’t Be Scared; Be Prepared Dean Choudhri, CISSP, CISM, CRISC Assistant Vice President, Cybersecurity and Information Assurance Alloya.

Presentation transcript:

Cybersecurity: Don’t Be Scared; Be Prepared Dean Choudhri, CISSP, CISM, CRISC Assistant Vice President, Cybersecurity and Information Assurance Alloya Corporate FCU

Agenda
- Current Cybersecurity Landscape
- What You Can Do to Protect Your Credit Union & Members
- What the Future Holds (Hint: Wash, Rinse, Repeat)

Everything Old Is New Again
- Analyzed current cybersecurity investigative reports from FBI and large security services provider
- What we learned:
  - Small businesses are primary targets
  - Ransomware is on the rise
  - Phishing attacks continue to dominate
  - The human factor continues to be a weakness

Cybersecurity Threats
The threats below accounted for nearly 2/3 of all security incidents at financial institutions:
- Ransomware
- Financial Malware
- Phishing and Business Email Compromise

Who Are The Perpetrators
- Nearly 75% of attacks were by outsiders
  - Generally, members of small criminal organizations
  - Small percentage of nation states (comparatively)
- Remaining 25% were insiders
  - Difficult to detect a legitimate user who is stealing your data
  - (Honest) mistakes happen; nearly 20% of incidents caused by insiders were accidental

Data Breach Costs

How Much Is This Going To Cost?
- Reputational damage
- Members leaving the credit union
- Everyday, operational costs (you still need to run your credit union!)
- Consider a Cyber Insurance Policy

Who Are The Victims?
- The short answer is EVERYONE
- Senior citizens experienced the greatest losses
- What is the member demographic of your credit union?

Top 10 States By Number Of Victims
- Combined NJ, NY and PA rank second highest in country

Top 10 States By Victim Loss
Source: 2017 IC3 Report

Top 10 Crimes

Types Of Crimes

Ransomware
- Malicious software installed on your computer, often via phishing emails
- Encrypts data on your computer or network
- Must pay a ransom for decryption key!

Hackers' Most Preferred Method
Email is the primary way to conduct business AND is the primary attack method used to:
- Commit fraud
- Steal your identity
- Install ransomware
- Steal personal account information
- Capture your online credentials

Phishing/Business Email Compromise
- Emails that appear to be from legitimate institutions
  - NACHA, Amazon, FedEx, Microsoft, LinkedIn, Facebook, etc.
  - Entice you to click on link or attachment
  - 4% of users will always click!
- Business Email Compromise (BEC)
  - Spoof company email accounts and impersonate executives
  - Use hacked email accounts of your vendors to send invoices to AP department

- Not a real Amazon.com email address
- More links…
- Clicking on any of the links in this email could result in malware being installed on your computer, credential theft, and account takeover

- Not a valid Microsoft.com email address
- Includes link to click on
- Safety Tip: Hovering over the link will show you the actual website you will be directed to. It’s not Microsoft!

BEC Is On The Rise
- July 2018: FBI issues PSA regarding BEC
- Asian banks primary destination of funds
- Since 2013, $12 billion in losses worldwide
- Nearly $3 billion from U.S. victims
- More than half of that amount was during the previous 18 months

Business Email Compromise Who are the targets?

Business Email Compromise
- Ransomware is on the rise
- Phishing attacks continue to dominate
- The human factor continues to be a weakness

- Generic. There is no contact number, email address, etc.
- To prevent spoofing, Alloya tags all emails that originate from outside of the organization
- Hovering over the link shows you the actual website you will be visiting.
- Generic. There is no contact number, email address, etc.
- Staff should be instructed to call a verified number to validate

- Includes a link that would ask me to sign in with my account credentials
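The hover check and the external-sender tag called out on the annotated emails above can also be applied automatically before a message reaches staff. The sketch below is an added example, not part of the presentation or Alloya's tooling; `ORG_DOMAIN`, the brand watchlist and the sample message are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example-cu.org"  # assumption: placeholder for your own mail domain
BRANDS = {"microsoft": "microsoft.com", "amazon": "amazon.com"}  # small watchlist
def belongs(host, domain):
    return host == domain or host.endswith("." + domain)
def host_of(text):  # hostname if text is a URL or bare domain, else ""
    try:
        host = urlparse(text if "://" in text else "//" + text).hostname or ""
    except ValueError:  # malformed host such as an unbalanced "["
        host = ""
    return host if "." in host and " " not in host else ""

class LinkCollector(HTMLParser):  # gathers (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href.strip()))
            self._href = None

def review(from_header, html_body):  # returns a list of warnings
    name, addr = parseaddr(from_header)
    sender, findings = addr.rpartition("@")[2].lower(), []
    if not belongs(sender, ORG_DOMAIN):
        findings.append(f"EXTERNAL sender: {sender}")
    for brand, domain in BRANDS.items():
        if brand in name.lower() and not belongs(sender, domain):
            findings.append(f"display name claims {brand}, sender is {sender}")
    collector = LinkCollector()
    collector.feed(html_body)
    for text, href in collector.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and not belongs(actual, shown.removeprefix("www.")):
            findings.append(f"link shows {shown} but goes to {actual}")
    return findings

# Constructed sample (not from the presentation); .example is a reserved TLD.
SAMPLE_FROM = '"Microsoft Account Team" <security@account-alerts.example>'
SAMPLE_HTML = '<a href="http://login.account-alerts.example/v">https://account.microsoft.com</a>'
```

Links whose visible text is not a URL ("Click here") are skipped by this check, so it complements the hover habit and the verified-number callback rather than replacing them.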

Possible Initiatives To Enhance Cybersecurity
- Upgrade systems and third-party tools
- Move (carefully and with a lot of thought) additional systems and applications to the Cloud
- Increase member and staff education
- Further restrict non-business use of credit union systems

How To Inform Members And Staff About Cybersecurity
- Newsletters
- Postings on website
- Email blasts
- In person (at branch or in office)

Low Cost, High Impact Protection/Prevention
- Security awareness costs nothing and can save big $$$
- Inform staff about the dangers of phishing and BEC.
- Advise staff that they should contact the requestor (even the CEO) via phone or in person (not via email!) to verify a request. Use known and verified contact numbers.
- Security awareness culture starts at the top.
- Be aware of your online presence. Your LinkedIn profile can make you a potential target.

Protection/Prevention
Continuous security training at Alloya:
- Annually
  - Online, one hour session required for everyone
- Periodically
  - Online, short five-minute sessions
  - Send email notifications and reminders
  - Test users by sending phishing emails
- Results: We have seen significant and measurable improvements:
  - Understanding danger and their security role
  - Ability to detect phishing and business email compromise scams

Protection/Prevention
- Do not allow users to install software.
- Email is for work purposes only. Do not tie your personal business (Amazon, Apple, personal banking) to your work email address.
- Patch systems quickly.
- Use and UPDATE your anti-virus software, use anti-malware software. Newer AV uses AI for increased protection.

What’s Around The Corner?
- It is expected that current threats facing financial institutions will continue to make up majority of incidents.
- Ransomware will continue to be a growing threat.
  - Low cost; hackers make money by asking for money
  - Virtual currency payments
- Social engineering via:
  - Business Email Compromise
  - Phishing!
  - Phone and Text

Free Cybersecurity Resources
- NCUA Cybersecurity: https://www.ncua.gov/regulation-supervision/regulatory-compliance-resources/cybersecurity-resources
- Phishing: http://www.antiphishing.org
- Center For Internet Security: https://www.cisecurity.org/resources/newsletter/
- SANS: https://www.sans.org/security-awareness-training/ouch-newsletter
- Premier View! We regularly post alerts regarding the latest security topics. https://premierview.alloyacorp.org

Thank you! Dean Choudhri, CISSP, CISM, CRISC Assistant Vice President, Cybersecurity & Information Assurance (518) 292-3846 Dean.Choudhri@alloyacorp.org