Credit unions and financial institutions should be on heightened alert for cyberattacks as a potential result of Russia’s invasion of Ukraine, federal officials said.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently issued two alerts addressing risks from Russian State-Sponsored cyber threats. The alerts highlighted recent malicious cyber incidents suffered by public and private entities in Ukraine.
CISA, along with the National Credit Union Administration, the Federal Bureau of Investigation, and the National Security Agency, encourage credit unions and their cybersecurity teams to adopt a heightened state of awareness and conduct proactive threat hunting.
NCUA encourages credit unions to review the two CISA issuances and act on the applicable recommendations. In addition, NCUA officials caution that credit union leadership should be aware of the cyber risks and take urgent steps to reduce the likelihood and impact of a potentially damaging compromise.
The NCUA created the Automated Cybersecurity Evaluation Toolbox (ACET) for federally insured credit unions to evaluate their cybersecurity posture. Credit unions that experience a cyber incident should contact the FBI’s 24/7 Cyber Watch at 855-292-3937 or by e-mail at CyWatch@fbi.gov.
Credit union officials should include the date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.
Further, officials warn that COVID-related supply chain disruptions may require management to reevaluate previously held assumptions for business continuity and disaster recovery plans.