Credit union criticized for their response to online hack…
According to Credit Union Times, on February 23, 2016, Brian Krebs of Krebs on Security reported to Coast Central Credit Union that its website had been hacked. He stated that he told the company who he was, how he found the hack, and what they could do to fix it. Unfortunately, they did not believe Krebs.
Two days after he reported the attack, the website remained hacked. On February 25, 2016, the credit union took down its site to patch the backdoor that the scammers had installed. It is not believed the scammers obtained any personal information; however, the possibility was certainly present.
PC Pitstop’s Vice President of Cybersecurity, Dodi Glenn, shared a statement with the Credit Union Times regarding this matter:
“This [Krebs] article really shows that Coast Central Credit Union does not/did not have a plan in place in the event of a breach. Not only do they not have the lines of communication in place, they also have not trained employees what to look for or who to go to.”
Companies of all shapes and sizes need not only proper breach prevention and detection processes but also adequate disaster recovery plans in the event of a breach. Employees must know the process to follow if a security breach occurs. Unfortunately, disaster recovery plans are a rarity. Company executives tend to believe that breaches won’t happen in their company because they have security controls in place, when in reality it’s quite possible.
Scammers are getting smarter and working around whatever vulnerability they may find. It is imperative that each company have a disaster recovery plan in place and that all employees be aware of their responsibilities should the plan need to be implemented.