Multiple Layers of Protection Critical to Defending Against Bugs, CU IT Professionals Say
Thursday, April 10, 2014 6:55 AM

A newly discovered security bug nicknamed Heartbleed has exposed millions of usernames, passwords and reportedly credit card numbers — a major problem that hackers could have exploited during the more than two years it went undetected.

It’s unlike most of the breaches reported over the past few years, in which one Web site or another got hacked or let its guard down. The flaw this time is in code designed to keep servers secure — tens of thousands of servers on which data is stored for thousands of sites. That’s why some experts were calling Heartbleed the worst bug yet.

The bug was found in a type of software called OpenSSL, which is used on servers to encrypt sensitive information to protect people’s privacy. At least 500,000 servers were reportedly vulnerable. Through the Heartbleed flaw, which is said to be one of the most serious uncovered in recent years, an attacker can access the contents of a server’s memory where private data is stored.

A fix was reportedly circulated, but it was unclear how quickly and widely it was being implemented.

Curtis Sutton, IT/network manager with First Class American CU, says this is why it’s so important for credit unions to make sure their anti-virus software is up-to-date, and that they have intrusion detection on their network. He says it’s also important that firewalls are up-to-date, and security certificates are valid and up-to-date.

“These are not your neighborhood kids in a garage trying to hack into your system just to see if they can,” adds Joe Mannion, IT manager with Union Square FCU. “These are organized groups that devote an enormous amount of resources toward disrupting businesses, and profiting from their exploitations.”

Mannion has worked in IT for nearly 30 years, and IT professionals today, he says, definitely have to stay on their toes.

“We get hammered daily, but we fortunately have never been breached because we have multiple layers of protection,” notes Mannion. “Businesses today just cannot let their guard down. It only takes one bug to plant itself in a workstation, and from there, the bug can get into the server and siphon out sensitive data.”

Helpful Resources: Technology Consulting & Compliance Services through Credit Union Resources. Available services include:

  • Security Risk Assessment: Evaluate the risk of compromising member information in fulfillment of the NCUA Regulation 748 Appendix A and B to include physical, administrative, and technical security.
  • TR-39 ATM PIN Security Audit (Previously known as a TG-3 PIN Audit): Certified CTGA auditor performs audit focusing on security practices throughout all six phases of the encryption key life cycle: Generation, Distribution, Storage, Usage, Destruction, and Compromise. The evaluation is in fulfillment of the even-numbered year audit requirements by the 3 ATM network processors PULSE, STAR, and NYCE.
  • Information Systems & Technology (IS&T) Assessment: In-depth review of a credit union’s overall IS&T systems concentrating on security, audit, information technology, and member services in fulfillment of NCUA’s letter to credit unions 06-CU-10.
  • Security Policy & Program Development: Take a risk-based approach in developing a Security Policy & Program in fulfillment of the NCUA Regulation 748 Appendix A and B to include physical, administrative, and technical security.
  • Security Risk Assessment and Policy & Program Annual Review: Detailed review of the 26 elements associated with the Risk Assessment and Policy & Program in fulfillment of the NCUA Regulation 748 annual review requirements.
  • Network Vulnerability Assessment Testing: Assess current Internet connections to identify points of weakness that leave the credit union exposed to external threats that may result from hackers, network viruses and more. Testing is in fulfillment of NCUA’s Letter to Credit Unions, eCommerce Guide to Credit Unions 02-CU-17.
  • Systems Maintenance: This service will help ensure the healthy and efficient performance of your computers and network. We will securely connect to your network and apply all needed software updates and antivirus/anti-spyware updates, perform disk cleanup and disk defragmentation tasks, and review event logs to proactively identify potential issues.