In 1947, a group of scientists created the Doomsday Clock to communicate the likelihood of a man-made, nuclear disaster. The clock, which currently sits at two minutes to midnight, remains relevant because it continues to incorporate new variables. Cybersecurity was added as a variable in 2017, underscoring its significance in today’s highly digital, highly interconnected world.
Each year cybersecurity threats multiply as attackers adopt new schemes and targets. Cyberattacks have become
This environment is driving an urgent need for intelligent security strategies based on multiple layers of defense.
The end of the year is a great time for credit unions to review and update cybersecurity strategy, with a focus on facilitating intelligent decision-making in the face of a continually changing threat landscape. Areas like staffing, technology investment and security priorities should all be considered.
Invariably, when establishing a sound security strategy, there will be tradeoffs. While security threats can seem overwhelming, they can be effectively countered with a balanced, layered approach that addresses crucial areas of vulnerability and provides the flexibility to keep pace with emerging threats.
In the next year, I expect many credit unions to look at their cybersecurity toolkits critically, with an eye toward synchronizing them – because criminals are doing the same. Credit unions realize that coordinated layers of defenses will help minimize risk, prevent fraud, ensure compliance, and enable consumers and businesses to transact with confidence.
Single, standalone security components, such as a strong firewall or antivirus measures, are no longer enough to protect against today’s threats. The devices and tools used to protect against cyberattacks need to work in concert with each other. Attackers can take advantage of gaps between systems to coordinate events that may not seem like threats until they are viewed and interpreted holistically.
Achieving this single view requires a high level of device communication and monitoring. Ideally, monitoring systems also should be intelligent enough to distinguish real threats from false positives to reduce the time and effort wasted investigating and responding to security “noise.”
Credit unions also must be equipped to remediate attacks when they do occur. This requires not only advanced tools, but also access to talented cybersecurity experts that are increasingly difficult to hire and – because of intense demand for their knowledge and skills – expensive to retain.
Due to the growing demand for cybersecurity technology and talent, I expect the outsourced cybersecurity trend to continue in 2019. While most institutions will continue to have in-house cybersecurity staff, having a third party available to handle solutions integration and threat detection and remediation can carry significant benefits, especially considering the pace of cybersecurity change and the general scarcity of cybersecurity talent.
Today, virtually anything – or anyone – that connects to your networks and data is a potential vector for a cyberattack. As attack sophistication increases, expect credit unions to secure member interactions across emerging channels, including the ever-expanding range of mobile and IoT devices, in-branch technology and even communications tools including email, telephone calls and texts that can be used for phishing and social engineering schemes.
While computers and mobile devices may seem to be the most vulnerable areas of your financial institution, cybercriminals often make a beachhead using some form of social engineering. Training staff to be vigilant and skeptical, as well as implementing secure methods of authentication such as biometrics, hardware keys and multi-factor authentication will be common if not a must have in 2019.
As the new year takes hold, consider where your institution is at on its own cybersecurity clock. Take the time to candidly review your security tools, technology and posture – and identify what you need to create the streamlined, layered and balanced approach that is needed to stay ahead of threats today. Be willing to make the investment of time and resources to stay ahead of the threats, including staffing and outsourcing as needed.
And perhaps above all, be cognizant of the member perceptions and experiences that will color your work in this area. Their security experience matters.
