Day 2 of Cybersecurity Symposium
looks at hacking, payments, assessment tool
AUG. 25, 2015 -- “Password guessing” and theft of passwords through network domain name servers (DNS) and broadcast protocols are two of the techniques hackers use to attack and infiltrate computer networks, an anti-hacking expert showed participants in day two of the NASCUS/CUNA Cybersecurity Symposium.
Brandon Henry of TrustCC provided a hacking demonstration for the participants at the Denver meeting (which got underway Monday, Aug. 24), and discussed tips for detecting and resolving attempted hacks, which included:
- Look at your broadcast traffic, know it;
- Enforce the Microsoft NT LAN Manager version 2 (NTLMv2) authentication protocol, or – if possible – use open-sourced Kerberos authentication;
- Do not give users local administration rights;
- Enforcement by networks of SMB (Server Message Block) security signing protocol (which “signs” data at the packet level).
In other presentations at day two of the symposium:
- Mark Berman of Horsetail Tech outlined “what credit union board members need to know” about cybersecurity, urging credit union boards to simplify their response to any security lapses, talk strategy (not solutions) in addressing future lapses, and ensure that the IT staff and board are speaking the same language in addressing the strategy (i.e., tech talk versus business talk).
- Jay Isaacson of CUNA Mutual Group gave an overview of the vulnerabilities of “chip and PIN,” Apple Pay and other aspects of the evolving payments system. He noted that member convenience, fraud, and technology investments should be considered in a credit union’s strategic plan when considering adopting new payments systems methods (as well as the inherent risks of the new methods) – but, no matter what new methods are selected, fraudsters will continue to focus on the weakest links.
- Neil Archibald of Members Trust Company urged the group to ensure that vendor due diligence is a central feature of a credit union’s compliance management and cybersecurity program, noting that an ongoing assessment by a credit union of the purpose, structure, and execution of vendor relationships is vital to safeguarding member information in a shared environment.
- Tim Segerson, deputy director for examination and insurance at NCUA, provided a two-hour overview of how NCUA plans to incorporate the new FFIEC “cyber assessment tool” into its exam procedures.
The conference concluded Tuesday.