Report: Nearly half of all credit unions at increased risk of cyberattack

Roughly half of all credit unions and more than half of their vendors could have critical vulnerabilities in their technology that leave them at increased risk of cyberattacks.

That’s according to a new report from Black Kite, a firm that creates cyber risk-rating profiles. The company analyzed the cybersecurity positions of 250 federally insured credit unions and 150 vendors that serve the industry.

The biggest risks, the company said, include vendor weaknesses, a lack of email security and out-of-date computer systems. Cyberattacks on credit unions could result in financial risk ranging from $190,000 for small credit unions to over $1.2 million for larger institutions, according to the report.

“Credit unions are entrusted with the livelihoods of their members. With great trust comes great responsibility to mitigate cybersecurity vulnerabilities, whether they are internal or via a third-party,” Bob Maley, chief security officer for Black Kite, said in a press release. “It is clear that the financial impact of cyber vulnerabilities for both credit unions and their vendors is significant, and resources need to be targeted to protect members and address the most costly areas of risk.”

Black Kite found that as many as 86% of credit unions and 76% of vendors have had at least one employee credential leaked onto the dark web. Leaked credentials are used to deploy ransomware and other sophisticated cyberattacks.

"At the end of the day, thousands of members’ sensitive information can be at risk due to a simple vulnerability," the report said.

The company gave credit unions and industry vendors an average grade of a “B,” meaning breaches would require the skills of “persistent, highly experienced hackers.”

The report went on to recommend that credit unions closely monitor and keep track of sensitive data shared with each vendor, classify vendors according to their industry or the services they provide, and include the number of sensitive records shared with vendors as parameters in their risk-management methodology.

For reprint and licensing requests for this article, click here.
Cyber security Cyber attacks Vendor management Credit unions
MORE FROM AMERICAN BANKER