Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
TraceSecurity Improve server networks to avoid hackers
SAN DIEGO (7/8/08)--Credit unions need to place their ATM servers onto secured private segments on their networks to avoid hackers, said TraceSecurity Chief Technology Officer Jim Stickley. Placing the servers on different networks is “not expensive,” Stickley told News Now. “It’s easy to do. But people ignore it and it comes back to bite them.” Credit unions are more likely than other financial institutions to keep their information on the same networks. About 90% of credit unions that Stickley has worked with are set up that way, he said. “Financial institutions need to do a much better job setting up their network infrastructure,” Stickley said. “Many organizations make the assumption that as long as the servers are behind a firewall they are safe. That is simply not the case.” Credit unions also should monitor their logs “for anything that falls out of the norm.” TraceSecurity disclosed last week that Citibank customers whose funds were hacked through a connection between ATMs and third parties processing their personal identification number codes are just “the tip of the iceberg” when it comes to the overall security and compliance of the networks that process ATM transactions. “Most peoples’ home personal computers are better protected from malicious hackers than many ATM servers,” he added. “Financial institutions are failing to perform patch updates to ATM servers because third-party vendors aren’t approving the patches to be applied to the systems running their ATM software. As a result, hackers could easily exploit known security holes in operating systems.” Vendors can’t always push patches right away because they change the way the codes work with ATMs’ software. In some cases, the changes could break the machines. Credit unions and banks also often forget to patch vulnerabilities because of the delayed approval from the vendor. But a month with an unpatched vulnerability is “an eternity. It’s like dog years. I’ve seen some [patches] that have taken up to a year.” Vendors must check vulnerabilities faster, Stickley said. “It’s critical. It should take a couple of days at the most.”
Other Resources

RSS print
News Now LiveWire
Learn how to stay competitive with new research blog from @CUNA's econ/statistics dept in Wed's #NewsNow
9 hours ago
#FOMC meeting watch: Change in forward guidance expected #Market #NewsNow http://t.co/PH41VN1j9l
10 hours ago
Member growth at #creditunion continues despite mill closure #NewsNow http://t.co/rNRjLBjvX9
12 hours ago
CA/NV league pres/CEO Dykstra in @sacbee_news: Retailers should hold accountability in data breaches http://t.co/odyHd9N2OG
13 hours ago
Fin. lit. ideas percolate during .@NW_Banking #tweetchat #NewsNow http://t.co/nSS9Iiw0e0
13 hours ago