Credit unions are facing increasing numbers of cyber attacks, according to a survey for NAFCU’s October Economic & CU Monitor. This survey found that nearly 84% of respondents were operationally impacted by a local data breach within the last two years. While these effects may not garner the same headlines as large breaches affecting corporations such as Target and Home Depot, they have the potential to be just as damaging for smaller financial institutions like credit unions. In addition, credit unions hold the same sensitive information as other financial institutions, including credit and personal information. Credit unions are also facing daunting regulatory requirements, which at larger banks are often handled by entire risk and compliance teams. This expanded threat landscape and these regulatory pressures have, as we have noted before, elevated cyber risk issues to the board level.
So with credit unions facing constant threats, regulatory oversight, and increased board involvement, how can they effectively address these mounting issues? In this post, BitSight provides three tips to credit unions to enable them to tackle the issue of cyber risk:
Implement a continuous monitoring solution. The NCUA recently stated that it would be placing more emphasis on the cybersecurity exam process. Credit unions will be expected to implement the appropriate risk mitigation controls to better prevent, detect, and recover from a cyber attack. By understanding their security posture through continuous monitoring, credit unions can better demonstrate their cybersecurity effectiveness in these exams, while also gaining perspective on historical performance trends.
Benchmark security performance against peer credit unions. Credit unions need to constantly evaluate key financial and operational metrics through performance benchmarking. So why not cybersecurity? By benchmarking key security metrics against peer institutions, security and risk teams can better understand industry threats and communicate performance across their organization.
Provide actionable cyber security KPIs to the board. National Credit Union Administration Board Chairman Debbie Matz noted in her speech at the Governmental Affairs Conference that cybersecurity is a top priority for credit unions. This means that board members need to be involved. The challenge here is that some board members may not feel adequately prepared to interpret these risks. With actionable and easily understandable metrics, such as event remediation, boards can begin to have a comprehensive perspective on their organization’s cybersecurity posture in relation to peers. Such metrics can better inform board members so that they can make effective risk mitigation decisions.
By adopting some continuous monitoring and benchmarking capabilities, credit unions can begin to fulfill regulatory requirements and be better prepared to answer the crucial question: Am I really secure?