Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Cybersecurity is responsibility of more than IT, says CMG
SAN FRANCISCO (7/3/14)--Cyberliability exposures continue to evolve, and credit unions can no longer rely solely on their information technology staff to ward off a cyber attack. Network security now requires solid governance and oversight with active participation by management and the board of directors, CUNA Mutual Group's Jay Isaacson told a Discovery session Wednesday at the Credit Union National Association's 2014 America's Credit Union Conference in San Francisco.
 
Isaacson, CUNA Mutual Group's vice president of commercial products, said data breaches are increasing across all businesses, resulting in significant dollar losses and reputational damage. He cited the Verizon 2014 Data Breach Investigation Report, which indicated 1,367 data breaches occurred in 2013, with 465 involving the finance industry.
 
And the price tag is high. In May, the Ponemon Institute reported in its Cost of a Data Breach Study, the average total cost of a data breach was $3.5 million, with a global average cost of $145 for each lost or stolen record containing sensitive and confidential information.
 
"Think of your own credit union and do the math. While a data breach might seem somewhat remote, it's within the realm of possibility and could threaten the safety and soundness of your institution," Isaacson said.
 
Within the financial sector, the most common security breach incidents involved Web application attacks, denial of services (DDoS) attacks, payment card skimming and insider misuse, according to the Verizon study. While financial gain motivates most data breach perpetrators, cyber espionage is also increasing. Isaacson said the most common sources of data breaches are hacking, followed by malware.
 
Specific to credit unions, Isaacson said the most common cyber claim themes reported to CUNA Mutual Group under its Cyber and Security Incident insurance coverage involved DDoS, third-party service providers, employee errors and lost or stolen devices.
 
"Network security is only as strong as the weakest link," he said. "You may have an air-tight data system, but if a third-party provider you use is lax, or a laptop containing confidential data goes missing, your credit union is at risk."
 
Isaacson said risk management considerations include education and training for all employees--not just IT staff; development and frequent testing of an incident/breach response plan; and the creation of a data security incident response team. Member education is also vital.
 
"There's a need to balance security and convenience," he said. "Members need to understand why certain security measures they might not consider convenient are necessary for their protection and the credit union."
 
He also encouraged attendees to consider transferring some of the risk to a cyberliability insurance policy. The two main components of a good cyberliability policy include expense coverage to assist in managing and mitigating a data breach and liability coverage to protect against related lawsuits.
 
In closing, Isaacson asked the audience to consider the following questions to help determine their level of preparedness for cyberattacks:
  • Does the credit union have an incident/breach response plan?
  • Is access provided to the necessary level of internal and external expertise to manage through a breach (IT professionals, public relations and legal counsel)?
  • Does the credit union understand the notification obligations and requirements in its state or any other state in which it has a record?
  • Does the credit union regularly review the controls and security of third parties housing your data?
  • Does the credit union have mechanisms in place to detect and react to potential DDoS attacks?
Be sure to visit  News Now and Credit Union Magazine frequently this week to keep up with all the ACUC action in San Francisco. You can also follow ACUC on Twitter using the handles and hashtag below:


RSS print
News Now LiveWire
.@CFPB is proposing to oversee larger nonbank auto finance companies for the first time at the federal level.
38 minutes ago
.@CUNA's Bill Hampel moderates a discussion on the future of credit unions in the post-100 million member world. http://t.co/kcXykiRQVn
3 hours ago
#Breaking: QE likely to end next month, @federalreserve says #NewsNow #Market http://t.co/u7Fb5l5fwM
3 hours ago
.@Experian study confirms that building a credit history is beneficial to financial marginalized communities. 64M are "credit invisibles"
3 hours ago
Reps. Sherman, Woodall and Heck speak about why they support CU tax status at The Hill forum. http://t.co/fMgBRCJoML
3 hours ago