From the editor
I’ve been hearing about the “dark web” for a few years. In the past, it had always seemed like something out of a James Bond or Mission Impossible movie—or a place where Lisbeth Salandar (of The Girl With the Dragon Tattoo books) would hang out. And then recently, it became very real.
In March, a group of about 30 credit union folks gathered at the headquarters of $2.7 billion Apple Federal Credit Union in Fairfax, Virginia, for a discussion of cybersecurity best practices. At the event, Seth Jaffe, general counsel and VP/incident response for CUES strategic partner LEO Cyber Security, Dallas, took us on a tour of the dark web—the black market of the internet. (Jaffe started the tour by saying, “Do not try this at home unless you know what you are doing!”—a very wise disclaimer that I will echo here.)
What wasn’t surprising about the dark web: The items for sale include credit card numbers, tax records and Social Security numbers.
What was surprising about the dark web: Many of these items are available for purchase at extremely low prices! One seller had Social Security numbers for $1 a piece if you bought at least nine. Tax records were going for $7.99 each. ATM malware cost $5,000 and ransomware just $49. There was even a 10 pack of “low security credit union bank records” for a mere $400.
Even more surprising? How e-commerce-y the sites were. Many sellers offered support and money-back guarantees! Someone was selling a PIN skimmer at a holiday discount. And each seller had scores and feedback, just like an Amazon marketplace vendor.
The exercise highlighted just how important it is for credit unions to be super vigilant about cybersecurity. The threats are coming from all sides: external, internal, and through gaps in your third-party relationships or cloud-based services. Add in nation-state-sponsored attacks, and it’s not surprising that cybersecurity is keeping us all up at night. In our cover story this month, I hope you will find some actionable tips for developing a strong culture of security. Read more in “Keep Your Guard Up,” and a companion article about the dark web.
On a completely unrelated note, I hope that you will join me and your CUES member peers in a new offering through CUESNet™, our revamped members-only forum. Starting in May, we’ll be participating in the Pathway of the Quarter: Change Agility. Using a learning pathway from CUES Learning Portal, we will study change management and discuss what we learn in a CUESNet community. Simply visit cuesnet.cues.org and look under “Communities” to access this benefit of your membership.
I hope to see you there!
YOUR THOUGHTS: Has your credit union conducted a cybersecurity business impact analysis?