news.cuna.org/articles/119340-prepare-for-the-next-cyberattack-3-steps
Pete Cordero

Prepare for the next cyberattack: 3 steps

Reduce risk, strengthen security against today’s persistent cyber threats.

April 26, 2021

According to Federal Reserve Chairman Jerome Powell, cyber risk is one of the foremost threats to our global financial system. This is an important statement given the current pandemic and other issues facing our global economy.

Credit unions understand this reality as they face a constant bombardment of threat actors seeking to exploit vulnerabilities and breach these important institutions. To effectively manage this risk and reduce damage caused by a data breach, ransomware attack, or other form of cybercrime, there are three specific priorities credit unions can address immediately.

First, cybersecurity should be viewed as an enterprise risk and demand the attention of the most senior executives—starting with the CEO. As the highest-ranking executive in charge, CEOs set the priorities to reach specific business objectives and drive success for all members. CEOs should create a culture of security from the top down, aligning departments and operations within a cybersecurity risk management framework to properly address threats that could impact critical operations and business objectives.

Second, leaders should conduct an independent assessment of their cybersecurity programs. To improve security, you must first know the strengths and weaknesses of your own programs. While you may have a talented team, bias exists when progress is communicated up the leadership chain. An independent assessment:

  • Provides independent verification about the strengths of your security effectiveness.
  • Prioritizes next steps and where critical investments should be made.
  • Highlights challenges and strategic resources needed for your chief information officer (CIO) or chief information security officer (CISO) to meet assigned mandates.

Finally, equip your credit union with the ability to quickly detect threats and indicators of compromise, and have plans in place to remediate them promptly. Credit unions must gather, analyze, and monitor information on threats and vulnerabilities affecting their organizations:

  • Are your network operations continuously monitored to detect and lock down potential threats before they can spread and do harm?
  • Is your team knowledgeable and informed about today’s threat environment, where vulnerabilities are being exploited across the financial services sector, and what to watch out for?
  • Do you have a robust incident response plan in place to detect, contain, investigate, remediate, recover, and apply lessons learned when an incident does occur?

Continuous monitoring of network operations, along with a regularly updated and exercised incident response plan based on industry best practices, can ensure your credit union is prepared to act quickly and avoid disaster.

Ask crucial questions to better understand your credit union’s level of security—and better protect your members’ sensitive data and critical financial operations. With more informed and meaningful conversations about the effectiveness of your enterprise risk management program, you can take the right steps to mitigate threats.

Learn the most critical questions every credit union leader should ask about their cybersecurity risk management programs. Join us for a webinar on Wednesday, May 12, at 11 a.m. CST.

PETE CORDERO is managing director for professional services at Cyber Defense Labs.