Thu, Oct 19, 2017
Earlier this month, a massive security breach at consumer credit reporting agency, Equifax, left 143 million consumers scrambling to protect their identity. As cybersecurity threats continue to evolve in both sophistication and scale, the need to safeguard your credit union’s reputation and member data has never been more critical.
While much is being done to combat these attacks, credit unions must learn to be nimble and prepare for how the next generation of technology will impact cybersecurity. According to a recent survey of hackers who attended the 2017 Black Hat Conference, the easiest and fastest way to access sensitive consumer data is through a privileged account, email account, or a user’s endpoint, such as a laptop or desktop computer.1
Consider the following tips to bolster your credit union’s cybersecurity efforts.
Develop a forward-looking cybersecurity methodology focused on expanding efforts to stay ahead of current threats versus maintaining a program that is merely compliant, or one that has been successful in the past.
Establish strategies to access and analyze the latest threat intelligence to help prioritize information security budgets and enhance internal technologies, so you can defend against threats from:
- DDoS attacks
- Phishing and malware scams
- Amplified vulnerabilities in mobile and Internet of Things (IoT) platforms
- Unpatched corporate software or insufficient security technology
Ensure the correct employee skillsets are in place. Changes in cybersecurity may require you to train existing employees on desired skillsets or bring on new talent. Keep in mind that hiring for employees with specific security skillsets can be extremely competitive, so you may want to have a plan in place for attracting data and analytics experts.
Capitalize on cyber threat intelligence (CTI) resources and advanced detection technologies to predict how certain threats or attacks are evolving and what perceived vulnerabilities are being targeted.
CTI provides critical information about cyber threat capabilities and how to prevent attacks. Organizations that leverage the expertise of professionals to review industry specific data from trusted sources like vendor partners, Information Sharing and Analysis Centers (ISACs), and the United States Computer Emergency Readiness Team (US-CERT), have been able to effectively protect and support their cyber environment.
Additionally, organizations may be able to respond even faster to threats by using advanced detection technologies such as Artificial Intelligence (AI). As a broad cyber security concept, AI applies to the idea that machines are capable of cognitive functions such as anomaly detection and classification. Machine learning uses special data and algorithms to identify risks and develop solutions, providing a more-informed response than traditional rule-based security programs.
When it comes to protecting your credit union’s reputation, assets, and data, a robust, multi-layered security strategy is critical. While advanced technologies like CTI and AI may improve detection and response, no technology can account for employee mistakes. You must establish a cybersecurity plan that combines what works today, what advances will help tomorrow, and how your well-informed and trained credit union staff can effectively deal with next generation threats.
Carlos Molina is a Risk & Compliance Senior Consultant for CUNA Mutual Group, the leading provider of insurance and financial services to credit unions and their members. In this role, Carlos is responsible for monitoring and planning for emerging risks and cybersecurity issues while consulting with credit unions of all sizes - helping them make strong strategic decisions that safeguard credit union operations and members. Contact him at firstname.lastname@example.org.
CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, its subsidiaries and affiliates. Corporate headquarters are located in Madison, Wis.
- Thycotic, 2017 Black Hat Hacker Survey, September 2017.