As a new feature of our site, we’re highlighting Wescom Financial’s innovation based on interviews with its leadership team. This latest installment features an interview with Mark Dy-Ragos, Vice President Information Security at Wescom Financial, who leads Wescom’s cybersecurity and fraud prevention team.
For credit unions, the 2025 cybersecurity landscape is fraught with danger.
From AI-generated deepfakes, phishing, and social engineering schemes, to massive ransomware hacks, financial institutions have never been more vulnerable.
At the same time, new, sophisticated technologies are putting effective fraud mitigation strategies in the hands of even the most resource-constrained credit unions, helping to even the playing field.
Emerging Threats to Watch
As Vice President of Information Security at Wescom Financial, Mark Dy-Ragos is tracking five specific areas of cybersecurity concern:
- Social engineering: The term “social engineering” has been around since at least the mid-1990s to describe a strategy where fraudsters try to coerce potential victims into divulging personal information and access to sensitive systems.
Today, criminals are increasingly using generative AI to quickly design and deploy incredibly convincing phishing emails, voice messages, and even video impersonations of real people (i.e., deepfakes). The use of AI in these campaigns has lowered barriers to entry and exponentially increased the ability of small-time fraudsters to scale their operations.
“From a threat perspective, fraudsters—even non-native English speakers— are now able to draft perfectly phrased emails with tone adjustment and other nuances,” says Dy-Ragos.
“Before, it was relatively easy to spot typos and grammar mistakes in an email. Now, we have to shift to other methods of detecting a phishing attempt, like how the email is being crafted, how it’s being sent, and where it’s coming from.”
- Ransomware: In a ransomware attack, a criminal uses malware (a type of malicious software that encrypts a victim’s files) to hold an individual’s or organizations files, data, or systems “hostage,” and then demands a ransom payment to restore access. Attackers often threaten to leak or sell sensitive data in a “double extortion” tactic if the ransom isn’t paid, adding further pressure on the victim.
According to Dy-Ragos, ransomware groups look to exploit weaknesses in an organization’s IT environment, knowing they have limited resources to combat threats and can’t plug every potential vulnerability.
He cites the example of a criminal group known as RansomHub, which has claimed responsibility for multiple attacks on prominent organizations including Rite Aid, Christie’s, and Patelco Credit Union. The May 2024 Patelco attack targeted the personal information of a reported 726,000 members. As a result, the $9 billion asset credit union was forced to pause its banking services for days to contain the breach.
“With a group like RansomHub, which exploits system vulnerabilities, the further they get, the larger a ransom they can demand,” Dy-Ragos says. “If they are able to take down your whole network instead of only compromising a few laptops, that gives them a lot more leverage during ransom negotiations.”
Dy-Ragos’ team is also keeping a close watch on a group called Scattered Spider, which specializes in social engineering-enabled ransomware attacks targeting help desks. - Third party vendor risk: Today, credit unions use more third-party services than ever before. From cloud-based loan origination systems and online banking providers, to payment processors and core processing systems, this reliance introduces significant complexity and inter-dependencies into the credit union technology ecosystem. Any vendor data breach, system outage, or compromise can quickly cascade through the organization.
Weak vendor security, resulting from misconfigurations, poor monitoring, or overprivileged access, is a key area of concern. In addition, regulatory scrutiny has increased in recent years, and vendor security protocols are now more closely evaluated in audits and exams. - Account takeover: Account takeovers (ATOs) and identity theft remain top risks for financial institutions. According to TransUnion, digital account takeovers grew by 21% in the first half of 2025 over the same period in 2024—up 141% since 2021.
Fraudsters are creating synthetic identities that combine authentic and fabricated data to open accounts or apply for credit with minimal detection. Bad actors are specifically targeting the account opening stage of the relationship, and as a result an estimated 8.3% of all digital account creation attempts in the first half of 2025 were suspected of fraud. - Legacy systems and “technical debt”: Lastly, many credit unions still run older systems or legacy platforms that are harder to patch and more challenging to secure. Outdated software can harbor hidden vulnerabilities, weak cryptography, and inadequate logging.
With the growing popularity of cloud-based third-party solutions, integration between old and new systems often introduces gaps that external threat actors can exploit.
Unfortunately, many organizations choose the path of least resistance when it comes to modernizing their tech stack. By implementing easier, cheaper solutions now, they create a “technical debt” that challenges their ability to shore up vulnerabilities in the future.
A Layered Defense Against Rising Threats
To address these new and emerging cybersecurity threats, Dy-Ragos recommends taking a multi-pronged approach that includes the following:
• Establish a “zero trust” mindset: Wescom Financial has implemented zero trust architecture as its overarching information security framework. This security model is designed to ensure that no user or device—whether inside or outside the organization—is implicitly trusted.
Dy-Ragos recommends securing access to all networks and systems through firewalls and strong identity management controls. In this way, even if one user (Employee A) is compromised in an attack, the bad actors won’t be able to access the files and systems of another user (Employee B).
“Do not grant access to all systems by default,” Dy-Ragos cautions. “Instead, only grant what is absolutely necessary for each user to carry out their job responsibilities. For example, users in the finance department should not have access to the files and systems of users in the contact center.”
• Adopt a “layered defense”: Employ a cybersecurity strategy that includes multiple levels of controls, tools, and techniques to create redundancy and minimize criminals’ ability to gain access to sensitive systems and data.
According to Dy-Ragos, “It’s important to implement defense in depth, so even if criminals can get past the first layer, you have additional layers of security to catch the next phase.”
“Think of it like a castle: even if the attackers make it across your moat and drawbridge, they run up against a series of doors that prevent them from breaching the castle walls.”
• Implement multi-factor authentication (MFA): Once rare, it’s now commonplace in financial services to require both internal and external users to provide two or more factors of verification to gain access to sensitive accounts. Standard practice is to combine different types of authentication, including “something you know,” like a password or PIN, “something you have,” like a smartphone or token, and “something you are,” which often consists of biometric measures (such as facial recognition, fingerprint scans, or iris scans).
“Authentication is key,” Dy-Ragos says. “It’s important to make sure that all high value and privileged activities within your environment are properly monitored and protected by some sort of additional authentication.”
• Regular patching: One of the best tools
available to a chief information security officer (CISO) is the regular patching of system vulnerabilities.
“Patching is a daily or weekly exercise that you need to do,” Dy-Ragos says. “Every application you use could have a vulnerability that leads to potential exposure. It’s basic cybersecurity hygiene.”
Using AI To Combat Cybercrime
The rapid rise of AI is certainly a threat to credit unions, but it is also part of the solution.
Credit unions are already using AI-enabled software to actively monitor for fraud, automate compliance checks, and flag risky transactions. And when payment fraud does occur, AI tools are adept at extracting and summarizing dispute information, helping staff respond faster and more accurately while maintaining consistency and compliance-mandated audit trails.
“The perspective we’re taking at Wescom is that AI helps make our cybersecurity processes more efficient, by getting data to our analysts more quickly,” Dy-Ragos says.
Dy-Ragos notes that current generative AI technology is “non-deterministic” in nature, meaning that the same input can produce different outputs. Because of this lack of predictability, he isn’t comfortable relying solely on AI to manage the entire incident response process. But he sees several use cases where it is extremely helpful for staying a step ahead of bad actors.
“One example is in vendor management and third-party risk,” Dy-Ragos says. “A lot of manual work goes into these document reviews, but several hours can be reduced to minutes by having an AI agent consume multiple documents to get to the heart of what an organization cares about from a control perspective.” Another area is through the automation of incident response playbooks. AI can play a significant role in streamlining and automating your credit union’s response to security alerts and incidents.
Protecting Your Credit Union in a New World
As cyber threats grow in sophistication and scale, credit unions can no longer rely on outdated defenses or “good enough” security postures. Protecting member data and institutional trust now requires a proactive, layered, and adaptive approach—one that evolves as quickly as the threats themselves. For IT and infosec leaders, the mission is clear: leverage automation and AI to strengthen detection, streamline response, and reduce the burden on human analysts, while maintaining rigorous governance and vendor oversight. In an era where bad actors are innovating faster than ever, the credit unions that will endure are those that stay ahead of the curve.