Pub. 9 2014-2015 Issue 4

www.nebankers.org 26

Here Comes the Social Engineer!

One of the easiest ways for an external attacker to gain an internal foothold into an organization is through Social Engineering. The most sophisticated firewall, intrusion prevention system, etc. can be completely undermined by one person clicking on a malicious link in an email. Once an internal host is infected through Social Engineering, an external attacker now has the ability to look for vulnerable systems internally—whether that vulnerability be Heartbleed or Shellshock.

What makes this particularly scary is that of all Phishing Assessments performed by Secure Banking Solutions, 21 percent of all assessed individuals clicked on a “malicious link.” If we assumed that just one click on a “malicious link” indicates an assessment-wide failure (because all it takes is one), then 82 percent of all financial institutions assessed failed a Phishing Assessment. This means financial institutions cannot and should not leave unpatched instances of these major vulnerabilities within their Local Area Network under the assumption that they are no longer susceptible because these devices are not externally facing.

So, What Should I Do?

All financial institutions should immediately take the following steps to protect themselves from Shellshock:

1. Determine if Shellshock exists within your internal and external network. If you feel you don’t possess the skills to perform these assessments, contact your trusted third party or Secure Banking Solutions.
2. If any instances of Shellshock exist within your internal or external network, patch all affected systems as soon as operationally possible.
3. Contact your critical IT vendors and ensure they aren’t susceptible to the Shellshock bug.

Why Does Vendor Management Matter?

Given that most Core Banking and Internet Banking Systems tend to run on a potentially vulnerable version of Linux, BSD, or Unix systems, it’s important to ensure your customers’ data remains safe. Remember, just because you’ve outsourced the management of these critical systems that store, process, and transact your customers’ data does not mean you outsourced the responsibility to protect it!

Summing It Up

Shellshock is a real and present danger to financial institutions, as it is being actively exploited across the globe. When exploited, it creates greater opportunity for cybercriminals and poses

Real and Present Danger — continued from page 25
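For step 1 of the list above, a local self-check that an administrator can run on each Linux, BSD, or Unix host they manage. This is an added example, not part of the original article; the names check_bash, scan_host and MARKER are assumptions chosen for illustration. It tests whether a bash binary still executes text that trails a function definition imported from an environment variable, which is the behaviour first reported as Shellshock.

```shell
#!/bin/sh
# Added example: local Shellshock self-check for hosts you administer.
# check_bash, scan_host and MARKER are illustrative names, not from the article.

MARKER="SHELLSHOCK_PROBE_EXECUTED"

# check_bash PATH -> prints "vulnerable", "patched" or "missing"
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo "missing"
        return 2
    fi
    # Pass a variable whose value looks like a function definition followed
    # by an extra command. A fixed bash treats it as plain data; an unfixed
    # bash runs the trailing echo while importing its environment.
    out=$(env "probe=() { :;}; echo $MARKER" "$bin" -c 'echo done' 2>/dev/null)
    case $out in
        *"$MARKER"*) echo "vulnerable"; return 1 ;;
        *)           echo "patched";    return 0 ;;
    esac
}

# scan_host -> one tab-separated line per bash binary found on this host;
# returns 1 if any of them is vulnerable, so it can feed a patch report.
scan_host() {
    status=0
    for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash \
                     "$(command -v bash 2>/dev/null)"; do
        [ -n "$candidate" ] && [ -e "$candidate" ] || continue
        result=$(check_bash "$candidate") || true
        printf '%s\t%s\t%s\n' "$(uname -n)" "$candidate" "$result"
        [ "$result" = "vulnerable" ] && status=1
    done
    return $status
}

scan_host || echo "ACTION: patch bash on this host (step 2)" >&2
```

A "patched" result covers only this one probe, so it supplements the vendor's current bash update in step 2 and does not replace it.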
