Pub. 11 2016-2017 Issue 5

January/February 2017 Extraordinary Service for Extraordinary Members. WALENTINE O’TOOLE, LLP When time is of the essence, experience counts. Walentine O’Toole blends confidence, experience and knowledge with the personal attention you can expect from a regional law firm. www.w alentineotoole .com 402.330.6300 11240 Davenport St . • Omaha, NE 68154-0125 Ransomware is another popular at- tack that is becoming easier to automate through crime-as-a-service. A software product called “Ransom32” allows any- one to kick off their own ransomware campaign by simply registering for a bitcoin account. The “customer” simply uses his bitcoin credentials to sign up for the ransomware service, configure the style and type of attack he wishes to send, and then start sending the malware. Bad guys also set up call centers to support online dating scams (the call centermakes calls to victims pretending to be the love of their life), ransomware (victims purchase bitcoins and decrypt files, ensuring the victim recovers so the fraud continues to propagate), and reshipping scams (stolen credit cards are used to purchase expensive items online, ship such items to “mules” at other addresses, then resell the mer- chandise). Call centers charge fees to assist in cybercrime activities, ranging from $10 a phone call to ongoing fees for extended scams. HowDoesCrime-as-a-Service Affect My Institution? Financial institutions must look for cybercrime from multiple angles, specifically being aware of potential at- tacks on both employees and customers. Institutions must be very cognizant of and continuouslymonitor their internal networks for unauthorized traffic and unknown files. Once in the network, cyberattacks attempt to remain unde- tected while gathering information or gaining access to funds, but red flags typically exist if you’re paying close attention. It’s extremely important to be able to detect an attack that is occurring, not just attempt to prevent or recover from an attack. Getting transferred funds returned is much more difficult than stopping an attack from leaving the network. Monitoring customer transac- tions is also extraordinarily important to combat identity theft. Setting transaction limits, implementing two- factor authentication, and developing payment whitelists are very effective controls tomitigate the risk of customer fraud. The last thing to keep in mind is that training and education reduces the risk for everyone involved. It is no longer acceptable to have employees watch a 60-minute video on phishing once a year; financial institutions must provide ongoing, relevant, and useful training and education to their employees on an ongoing basis, and consider leveraging such training and education for custom- ers as well.  SBS CyberSecurity offers numerous services and products to help you better protect your financial institutions, including Cybersecurity Retainer, which includes Incident Response consulting, digital forensics, temporary staffing, and security awareness training in the event of an attack or incident. For more information, visit www.sbscyber. com, or contact Jon Waldman at SBS CyberSecurity at (605) 380-8897 or jon. waldman@sbscyber.com . For additional details on cybercrime and what you can do to protect your bank from attacks, the SBS Institute offers bank-specific, role-based Cybersecurity Certification Programs on numerous topics. Check out the SBS Institute Certification Programs, including the Vulnerability Assessor or Ethical Hacker Certifications, at sbscyber.com/sbsinstitute/certifications.