Hackers and cybercrooks are outperforming credit unions in one key area.
They know how to work together.
“Adversaries collaborate and understand where to attack,” says Idrees Rafiq, vice president of information security and risk management consulting at Credit Union Resources Inc. “It’s important that we understand how to collaborate and combat these threats as an industry.”
Rafiq says there’s a lack of communication and collaboration among credit union information technology (IT) professionals regarding cybersecurity. But credit unions could improve cybersecurity merely by working together.
During the CUNA Strategic Planning Virtual Roundtable, Rafiq cites four collaboration essentials to improve cybersecurity:
1. Shared intelligence. Exchanging information and leveraging collective experiences and capabilities allows IT professionals to gain a more complete understanding of cyber threats, Rafiq says. When an attack happens at a single organization it may look benign, but when it happens at multiple locations it turns into a larger threat that requires action.
“Part of the problem is that we’re digesting from a firehose a ton of information,” Rafiq says. “We don’t know what’s actionable.”
2. Idea sharing. Without collaboration, IT professionals react when an attack occurs. But with collaboration, IT professionals can go on offense and think of ways to prevent adversaries from gaining access to systems.
“Participating in formal and unstructured discussions and intelligence sharing enables organizations to learn from their peers,” Rafiq says.
3. Shared resources. Trusted community groups provide an opportunity to share resources including threat information, scripts, workflows, and playbooks.
“If we work together to share information, we’re going to protect the credit union industry going forward,” Rafiq says. “The stronger defenses we can create as a whole will make each organization stronger.”
4. Shared intelligence models. Rafiq recommends IT professional get involved in shared intelligence models, which allow for information sharing and analysis. The National Credit Union Information Sharing & Analysis Organization (NCU-ISAO) is specifically for credit unions, while the Financial Services Information Sharing and Analysis Center (FS-ISAC) is a larger group of various financial services.
“With a collaborative approach, credit unions can collectively improve the credit union’s cybersecurity readiness,” Rafiq says. “Together we can create an infrastructure that aligns with legal and procedural tactics and strategy. The approach is critical to how to survive as an industry and how we serve each member of our credit unions.”
Cyber Liability and Intelligence, a member benefit recorded webinar