ORLANDO, Fla.–Technology execs were given a top 10 list of things that are making life even easier for hackers in penetrating credit union systems.
During the joint meeting of the CUNA Operations, Sales and Service Council and the CUNA Technology Council here, David Anderson of CliftonLarsonAllen, Minneapolis, shared the 10 ways credit unions are inadvertently making it easy for hackers to break into their systems and steal information and other data. Anderson said he drew the list from experiences and insights gathered over the last three years as he and CliftonLarsonAllen performed audits at financial institutions.
The top 10 list:
- Giving users local admin privileges.
- Domain admins don’t have separate user account.
- Domain admins log into workstations.
- Weak passwords.
- Shared passwords.
- Poor patching.
- Unnecessary ports and services.
- Weak/no encryption.
- Vendor systems.
- Lack of security awareness.
“Organizations have done a pretty good job with the principle of least privilege,” said Anderson. “But as an attacker I just have to find that one system running that solution where the vendor hasn’t updated the admin access. It’s pretty easy to find that system on the network, and once I do the risk of things I can do on that network greatly increases. That puts you in a tough spot. You have to work with your vendors to understand the risks and develop a plan to move forward so you can get software updated so it doesn’t require admin privileges.”
CUToday.info will be providing more detailed reporting on each of the 10 vulnerabilities.