Data breaches aren’t a matter of “if,” they’re a matter of “when,” according to two information security experts who addressed the CUNA Technology Council’s 6th Annual Security Summit Wednesday in Chicago.
“You have to accept the fact that you’ll be breached,” says Marty Hetzel, manager of cybersecurity at BCU in Vernon Hills, Ill. “The question is, will you be ready?”
“If big companies like Capital One are being breached, more than likely it will happen to us,” adds Jesse Davis, IT governance and risk program manager for American Airlines Federal Credit Union in Fort Worth, Texas. “We have to know how to respond.”
Key to preparation is having an effective incident response plan, they say, which entails:
Ultimately, incident response plans must be strategic, consistent, efficient, documented, confidential, and empowered.
“Empower your groups and teams,” Davis says. “Train your people and get the right people involved.”
“Seventy-seven percent of organizations do not have a formal incident response program,” Hetzel adds. “That’s alarming.”
►Click here for more conference coverage from CUNA News, and get live updates on Twitter via @cumagazine, @CUNA_News, @CUNACouncils, and by using the #TechCouncil and #OMECouncil hashtags. Learn more about the CUNA Councils, a member-led professional society for credit union executives, at cunacouncils.org.