Collaboration is the Key for Cybersecurity Success:
Posted by Mr. Idrees Rafiq, Jr., AVP IT Consulting, Credit Union Resources, Inc on 5/8/2017

Working with credit unions of all sizes for just under 12 years now in the realm of cybersecurity, it was evident that collaboration is the key to combat the adversaries around the world. My impression was backed up in the summer of 2014 when the Federal Financial Institutions Examination Council (FFIEC) piloted a cybersecurity examination work program (Cybersecurity Assessment) at over 500 community financial institutions to evaluate their preparedness to mitigate cyber risks. One of the key findings was that there is a serious need to enhance threat intelligence and collaboration.

With credit unions trending to acquire community charters, competition plays more of a role than collaboration. Although competition can be healthy, it doesn’t prove to be a positive thing when fighting cybercrime. The FFIEC published the following four questions for credit unions to consider:

  1. What is your process to gather and analyze threat and vulnerability information from multiple sources?
  2. How do you leverage this information to improve risk management practices?
  3. What reports are provided to your board on cyber events and trends?
  4. Who is accountable for maintaining relationships with law enforcement?

In a subsequent document, guidance was listed within the Cybersecurity Assessment Toolkit (CAT), under the maturity level of baseline, where NCUA expects all credit unions to comply with:

  1. Belonging or subscribing to a threat and vulnerability information sharing source(s) that provides information on threats.
  2. Using threat information to monitor threats and vulnerabilities.
  3. Using threat information to enhance internal risk management and controls.

The burden to comply may not be the same for all credit unions. For those who struggle or willing to help others, there are options. Here are some of the organizations that I belong to that demonstrate a solid sense of collaboration that will help you achieve compliance and a strong cybersecurity posture:

  • The National Credit Union Information Sharing & Analysis Organization (NCU-ISAO) which promotes the strengthening of credit union cyber resilience through intelligence, operation guidance, and education. Unlike the FS-ISAC, this is actionable intelligence and includes educational components in its digest that even the most technology challenged person could understand and most important, do something about.
  • Cornerstone Technology Council which promotes a regional collaboration forum where credit unions of all sizes can exchange ideas, best practices, and post questions to professionals that have your best interest in mind.
  • CUNA Technology Council is a nationwide council with more technical discussions and collaboration. The council is focused on Networking, education, and providing tools, resources, and information to its members.
  • Infragard: Infragard is a partnership between the FBI and the members of the private sector. The group focuses on timely collaboration between the private sector and government agencies to expedite the response to attacks.

There is a lot to digest in the realm of cybersecurity, protection, compliance, risk management, cybersecurity controls, external third parties, and ext. If you don’t, or haven’t collaborated, feel free to start with collaborating with me!!! You can reach me via email at irafiq@curesources.coop.  

Categories: Compliance, Education & Training, Technology Consulting & Compliance
Post a Comment
Name:
Email: (Email will not be published.)
Comment:
Subscribe to the Blog

Categories & Archives
Category Filter

Author Filter


 
 

 

Affiliates:

Connect: FacebookTwitter©  Credit Union Resources, Inc. All rights reserved.

 

Contact Us
6801 Parkwood Blvd.
Suite 300
Plano, Texas 75024
Phone: (469) 385-6400
Toll Free: (800) 442-5762
Online Form