Skip to content

TruStage RISK Alert: Vulnerable Third-party Vendors Highlight Cyber Incident Trends

As third-party vendor attacks continue to grow in frequency and severity, so do the obligations for a credit union to understand its third-party risks in all facets of its vendor relationships.

What makes these vendor attacks unique is that the incident targets data owned by the vendor organization along with the information of the vendor’s business customers, clients, and its other vendors.

Unfortunately, these cyber incidents can leave you in an extremely vulnerable
position, especially because of the lack of control and information available
when an incident at a third- or fourth-party vendor you rely upon directly
impacts your reputation and operations.

Third-party cyber incidents may force your organization to respond even though
they are outside of your control or originate from an indirect source. Although
you might not have an obligation to respond under current regulations, your
organization could still suffer significant reputational damage.

As part of the NCUA’s 2024 Supervisory Priorities, they will continue to prioritize
cybersecurity to “assess whether credit unions have implemented robust
information security programs to safeguard both member and credit unions.”
This continued focus is likely to include the review of credit union third-party
contracts and vendor management practices.

While outsourcing these responsibilities to third-party service providers may help
to alleviate some risk to organizations, it does not completely remove the burden
of compliance, and will often bring about new risks.

For more information and detailed risk mitigation tips, read the full alert at:

(Password and log-in required)

Join Our Mailing List

Keep up with the latest industry info, advocacy updates, member spotlights and upcoming events.