Credit Union Magazine

By Jonathan Smith

From retaining the top security talent to avoiding a major breach that will land their institution in the headlines to becoming ready for all things cyber, today’s credit union executives face a number of challenges. They must find a way to stay on top of evolving trends when it comes to navigating the cybersecurity landscape.

Knowing the top seven cybersecurity trends for 2020 is just the start for credit union executives and their IT departments. Connecting the institution’s IT department with a trusted technology partner can help protect your members. Managed service providers (MSPs) are readily available to ensure compliance even with rules and regulations that seem to change every day, help with disaster preparedness and protect against bad actors, all while delivering a full suite of technology solutions to protect the institution’s members.

1. The security talent crisis is growing.

Credit unions, while slow to make the transition, have started moving to the cloud because most lack the skills and bandwidth in-house to properly protect the data, systems and components. Unfortunately, cloud providers are not necessarily staffed or engaged (contractually) to perform the role of security for the credit union, even though the IT department may assume the cloud provider will take on that role.

“As cyber threats continue to grow in sophistication, organizations face a persistent challenge in recruiting skilled cybersecurity professionals capable of protecting their systems against the threat of malicious actors,” according to the Center for Strategic and International Studies.

The solution may be working with an MSP who can help fill the gap in the security talent crisis by forming a trusted partnership. This will allow your credit union’s IT department to work with a security and compliance-focused MSP who is available 24/7 and trained to support the credit union’s IT department in any situation.

2. Breaches will get more complicated.

Last year, the financial services industry saw a number of data breaches, from Capital One to Equifax and many more, affecting consumers from around the world. Breaches will get more complicated and harder to beat because advanced persistent threats are harder to identify – and even harder to inoculate against – than ever before.

Bad actors have found ways to hide in the central processing unit (CPU), firmware and hardware, making them virtually invisible and often hard for credit unions’ IT departments to detect. In fact, most breaches today are occurring because institutions are not following through on the basics. Credit union executives need to have their IT department partner with an MSP who can help detect complicated breaches before it’s too late.

Additionally, working with a SOC2 certified MSP helps ensure credit unions keep their members’ data safe in today’s climate of frequent data breaches and hacks. Executives need to be educated on how a SOC2 certified MSP can help safeguard against cyberattacks and hackers, all while providing a full suite of technology solutions to protect their customers. With over 40,000 MSPs in the world today, having a technology partner who undergoes an annual SOC2 audit provides another layer of protection to member and credit union data.

3. Cloud: threat or opportunity.

While the hype around the cloud is big right now, the cloud is seen as much as a threat as it is an opportunity for credit unions. While there are many benefits of moving data and services to the cloud, an organization gives up a lot of administrative control. Taking the temperature of other industries that have moved to the cloud and SaaS-based applications for document storage can help credit unions determine the benefits of migrating their data to the cloud. On the other hand, it also helps them determine their cloud concerns – from data protection to the safety of their members’ data.

4. IoT device attacks will be more severe.

With the coming age of artificial intelligence (AI) and Internet of Things (IoT), financial institutions stand to see major benefits, but credit union executives must also ask – what are the potential hidden risks of becoming more connected?

“With a hacking attack occurring every 39 seconds, it’s imperative that companies have the necessary security measures in order to survive as a formidable business,” according to Entrepreneur. In 2020, IoT device attacks will be more severe, and inventory management is required to keep credit unions’ data safe. Right now, asset inventory is informal at best at most credit unions. The problem is that these institutions will purchase, implement and manage IoT devices without properly notifying their IT department.

For example, facilities might implement online thermostats, fish tank thermometers, lighting, TVs or refrigerators that could put the institution at severe risk because each leaves a potential hole in the network – the ability for a bad actor to attack the unsecured IoT device.

5. Cyber risk insurance will be more common.

For regulated industries, like the financial industry, insurance is already a must, and since 60 percent of small-to-medium businesses go out of business within six months of experiencing a data breach, it’s a good thing cyber risk insurance is becoming more prevalent.

However, cyber risk insurance leaves institutions with a false sense of security – most believe that if something happens, the insurance will cover the incident, but credit union executives need to remember the long document that notes all their procedures and processes. Did the credit union follow all of those prior to the breach?

If not, the institution may be at risk, so simply having cyber risk insurance isn’t enough. Having cyber risk insurance is a start; having procedures and processes in place to prevent an incident is key to ensure an institution can receive financial assistance from the insurance provider if a breach occurs.

6. Security awareness continues as a top priority.

Over the next 12 months, security awareness and budgeting will continue to be a top priority for credit unions. There is a risk of executive fatigue as it requires training, training and more training. Often, credit unions do not see the expected results because executives are more apt to go through training with glazed eyes, and as a result, they are becoming bigger targets for ransomware, extortion and email account takeover.

This year, credit union executives need to continue placing security awareness as a top priority, and while that may mean additional training, it will certainly benefit the institution’s security landscape.

7. Become cyber-ready.

Credit unions should appoint an officer or department head to ensure their institution is cyber-ready. This person should report to the board to provide updates as well as ensure the safety of member data.

Unfortunately, this trend can be tied to number one as well. Being cyber-ready means credit unions need to have the leading IT employees to protect their institution, but many institutions struggle to find the best of the best when it comes to security talent.

In fact, many institutions don’t have a qualified individual on staff who can handle massive data breaches and cybersecurity attacks, and oftentimes they do not even have a relationship with a qualified security professional. Since there are so few out there, and the demand is so high, partnering with a strong security firm, a compliance-focused MSP, is very important in the midst of today’s security challenges.

Ultimately, credit union executives have a responsibility to stay on top of the ever-changing trends and challenges their institutions face and protect their members and their financial data. This year, as the security talent crisis grows, breaches get more complicated and IoT device attacks get more severe, executives need to invest in the cloud and cyber risk insurance, maintain security awareness and become cyber-ready.

Jonathan Smith is the chief executive officer at Xamin, a leading provider of managed IT services for highly regulated and reputation-sensitive companies.