CUNA News
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Jobs
  • Contact

News

Home » Preparing for cyberattacks
Technology Directors Subscribers

Preparing for cyberattacks

Develop an incident response plan to limit exposure time during cyberevents.

February 1, 2022
Jennifer Plager
No Comments
Preparing for cyberattacks

The global average amount of time to identify and contain a data breach is 280 days: 207 days to identify the breach and another 73 days to contain the attack, according to IBM’s “Cost of a Data Breach Report 2021.” 

Financial institutions fare better, with a 233-day average response time (177 days to identify a breach and an additional 56 days to contain the attack). But that’s still plenty of time for hackers to steal information. 

“The bad guys can do a lot in 177 days,” says Randy Romes, principal at CliftonLarsonAllen LLP. “They’re inside learning your business.” 

Romes discussed cybersecurity threats and how credit unions can prepare and respond during the CUNA Supervisory Committee and Internal Audit Conference. 

Credit Union Directors Newsletter

According to the IBM report, the average cost of a data breach in the U.S. is $4.24 million. Eighty percent of breaches include records containing personally identifiable information at an average cost of $150 per record. 

Hackers can do a lot in the time it takes organizations to discover and contain an attack, Romes says, such as disabling backups and security systems, obtaining access credentials, stealing sensitive personal data, and creating back doors for entry into the system. 

Ransomware gets the most attention, but Romes says it’s usually coupled with other acts and is simply the most visible part of an attack. 

The first step after a ransomware attack is resuming operations, he adds, but there are also legal and business ramifications that will persist after the breach. 

“Ransomware is what they do as they’re walking out the door,” he says. “They’ve already been in, taken over accounts, and taken our data.” 

Eighty percent of breaches have a root cause in email spear phishing or other social engineering efforts where hackers enter systems when employees click on phishing links in emails or harvest data by guessing passwords. 

“Be prepared,” Romes says. “This is going to happen. How do we turn the 177 days into seven days? You must shorten the time frame to limit your exposure.” 

Organizations must develop an incident response program and plan that includes response procedures and a list of appropriate contacts. To prepare, determine who will handle certain tasks, collect their contact information, determine how they’ll operate once an attack has occurred, and what the cost will be, he says. 

After developing the plan, practice it. Carry out tabletop exercises to walk through incident and response procedures, spear phishing tests, other social engineering tests, and “Red Team” penetration testing, which is more targeted than traditional penetration testing, Romes says. 

One thing is certain. Cyberattacks will happen, Romes says. 

“Not if. When. What are you going to do about it? You must prepare, implement, and practice a plan.”


This article initially appeared in Credit Union Directors Newsletter, which provides strategic insights for policymakers. Subscribe now to the print or PDF version.

KEYWORDS cybersecurity Directors Newsletter fraud

Post a comment to this article

Report Abusive Comment

Credit Union Magazine: Winter 2022

Winter 2022

Credit Union Magazine’s Winter 2022 issue highlights data-driven marketing, the board’s role in cybersecurity, elder abuse scams, credit unions’ auto lending advantage, and more.
Digital Edition •  Subscribe

Trending

  • House passes CUNA, League-led board modernization bill

  • CFPB issues CUNA-opposed proposal on credit card late fees

  • Key committee leaders supportive of credit union priorities

Tweets by CUNA_News

Polls

Vote for the 2023 CU Hero of the Year

View Results
More

Champion for the Credit Union Movement

Credit Union National Association is the most influential financial services trade association and the only national association that advocates on behalf of all of America's credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • Membership
  • Contact Us
  • Careers

Resources for

  • Credit Union Advocates
  • Leagues
  • Press
  • Providers

Our Affiliates

  • American Association of Credit Union Leagues (AACUL)
  • Credit Union Awareness
  • Credit Union House
  • CUNA Strategic Services
  • National Credit Union Foundation
GET CUNA UPDATES
© 2023 Credit Union National Association | ADA Compliance Notice & Legal
Email Us