David Zuleski, MSU Federal Credit Union (left), and Randy Romes, CliftonLarsenAllen, chat after Romes' session.
Randy Romes embraces the Boy Scout motto when it comes to cybersecurity: Be prepared.
“We need to be ready physically and mentally, and practice and be accomplished with the right tools,” says Romes, a principal at CliftonLarsonAllen who addressed the 2023 CUNA Cybersecurity Conference with NASCUS Tuesday in New Orleans. “We need all of these elements in information technology [IT] security.”
Cybercriminals view fraud as a business, he says. “They’re after information and access. Some groups specialize in financial institutions, while others focus on health care and retail. Once we know who they are, we’ll be better equipped.”
Romes says fraudsters will attack credit unions with:
Email spear phishing attacks, which account for 85% of all breaches.
Password guessing and business email account takeovers.
During that time, “they’re figuring out your business, where the crown jewels are, and how to access them,” Romes says. “Ransomware typically is the last act as they’re going out the door. It’s usually coupled with other acts, and is simply the most visible part of the attack.
“Resuming operations is just the first step,” he continues. “The legal and business ramifications of the data breach can persist.”
The average cost of a data breach is nearly $6 million, he adds.
Romes stresses the importance of incident response preparedness that incorporates people, rules, and tools.
“Security is not a product,” he says. “It has to be all of these things together. When people know the rules, they’ll do the right thing more than 90% of the time.”
Incident response preparedness entails:
Having a plan. This includes an incident response playbook, and disaster recovery and business continuity plans.
Knowing how vendors fit into and support your incident response plan. This requires creating a matrix of service provider responsibilities.
Practicing the plan. Conduct tabletop and live exercises, and regularly review and update the plan.
“Prepare, practice, and prove it,” Romes says. “IT needs to practice and prove that it can restore critical data elements in the heat of the moment.”
Credit Union Rock Stars are outstanding credit union professionals and directors from a wide range of disciplines who inspire and innovate to advance the missions of their credit unions. The 25 members of the 11th class of Rock Stars were selected for their exceptional creativity, innovation, and passion.
