As fraud and other cyber crimes continue to evolve, the task of protecting your credit union is only becoming more complex. Join us for nine sessions at this year’s eSchool where we will explore a variety of popular and important cybersecurity topics to learn the latest strategies and tactics on how to keep your data safe.
Attending these virtual sessions is beneficial for all levels in credit union security and technology, CEOs, risk managers, compliance professionals, policy makers and state examiners. Expand your cybersecurity knowledge and expertise to:
- Build a foundational understanding of cybersecurity obligations and guidance
- Learn about top threats and how to protect your organization
- Understand how targeted internal audits and providing an independent assessment of existing controls, can assist audit committees and board of directors in understanding the diverse risks of the digital world
- Learn about the current state of artificial intelligence and machine learning with a focus both on its future potential as well as present day applications to enhance security
- Learn about zero trust architecture and strategies
- Learn how a security and automation platform can greatly assist in determining the threats, risk and vulnerabilities and then correcting those deficiencies
- Discuss state specific privacy laws that could affect credit unions
This event is endorsed by CUNA Technology Council.
Who Should Attend
This eSchool is beneficial for I.T. professionals, C-Suite, risk managers and anyone needing cybersecurity training.
Speaker: Rayleen Pirnie
Cyber threats often evolve faster than security, bringing new challenges each day. Within this everchanging environment it can be difficult for less experienced credit union professionals to understand the changing threat types when the foundation is not solid. Understanding the terminology, regulatory requirements and parameters of a cybersecurity architecture is crucial to grasping the more advanced topics.
This optional training session will prepare attendees who have minimal cybersecurity knowledge for the eSchool; or anyone else looking for a refresher of key concepts is welcome to attend. By participating in Cybersecurity 101, you will:
- Learn key terminology and definitions
- Identify cybersecurity obligations and guidance
- Gain a fundamental understanding of an information security structure
- Explore proven security strategies and available resources
- Record critical elements of risk assessments
- Discuss regulator expectations for the onsite exam
- Receive as a takeaway: Cybersecurity Terminology Quick Reference Guide
Cybersecurity From the Dark Side
Speaker: Sherri Davidoff
Today’s credit unions are under attack, literally, by criminals around the world. As defense, cyber experts like Sherri Davidoff hack you first, and find your weaknesses before the attackers do. In this fast-paced talk, she'll show you how today's cybercriminals take hacking to the next level, with screenshots and videos of the latest malware from the dark web. Watch as criminals steal passwords, scrape credit-card numbers and siphon away money. Learn about the top threats and ways that you can protect yourself, your organization and your community.
Internal Audit and Cybersecurity
Speaker: David Anderson
Increasingly, organizations are recognizing the need for a strong third line of cyber defense. Credit union internal auditors should play an integral role in assessing and identifying opportunities to strengthen security across an enterprise. Through targeted audits, and providing an independent assessment of existing controls, internal audit can assure audit committees and board of directors understand the diverse risks of the digital world, while avoiding potential legal and financial liabilities.
The Rise of Zero Trust Network Architecture
Speaker: Jason Kirby
Traditional security network architecture has relied on an authenticate and trust model where the network’s shell was hardened, but authenticated users had wide latitude to move around once permitted inside. As hackers continue to abuse this framework with compromised authentication credentials, the “never trust, always verify” concept of zero trust has arisen.
This session will explain zero trust architecture and micro compartmentalization of the protected surface. Attendees will gain a better understanding of strategies to ensure that even if an unauthorized party makes it into the network, their ability to move side to side and up and down are limited. By participating in this session, you will:
- Build a foundation of understanding around zero trust
- Learn why it has been a rising concern
- Discuss areas of concern regarding zero trust and your network
- List technologies that can support zero trust
- Identify if you are already zero trust compliant or been working towards that goal – potentially not even realizing it
Turning the Tables on Automated Account Takeovers with Machine Learning
Speaker: Shreyans Mehta
Bad actors are targeting credit unions with account takeover attack campaigns that result in fraud, customer dissatisfaction and damage to the brand. Faced with an adversary that has easy access to a regularly refreshed trove of stolen user credentials, sophisticated attack toolkits, and infrastructure; these automated attacks target your public-facing web and API-based applications.
Hiding in plain sight as legitimate, or syntactically correct transactions, make it difficult for standard security tools to detect using malicious content inspection or known-bad signatures. Separating malicious from legitimate intent and tracking bad actor behavior are two examples of where machine learning can help your understaffed security teams gain the upper hand on these cybercriminals.
In this session, you'll learn:
- Why machine learning is critical to stop even entry-level hackers
- How machine learning techniques can aid the detection and defense against sophisticated bot attacks
- About the different types of attacks that are executed against credit union sites and apps
- What to do to reduce your API, web and mobile app risk
The Threat is the Ecosystem: Cyber Defense Should Start Beyond Your Perimeter
Speaker: Nayan Patel and Jim Penrose
Threat actor techniques have evolved to abuse the foundations of the internet making malicious attack activity virtually indistinguishable to the untrained eye. The attackers have gotten smarter so your game plan for defending against them must be smarter too.
During this session, our experts will discuss:
- Specific examples of these modern attacks and techniques, leaving you with a better understanding of their impact and severity
- How the threat actor strategies have shifted from looking for a hole in your perimeter or users traditional phishing susceptibility, to studying you from the outside in order to map and exploit your network of trusted relationships
- Building a framework to position your defenses for threats both inside your network, with what you control and outside of your perimeter, that you can’t directly control
Payments Fraud – What’s Trending
Speaker: Ken Otsuka
What’s currently trending with payments fraud? What are the new or existing scams targeting credit unions today? What tactics are fraudsters using? This session will help answer the question, how do they do that?
This session will cover current fraud trends impacting credit unions, including:
- Account takeovers
- Wire scams
- ACH fraud
- Check fraud and plastic card fraud
A Road Forward: Cybersecurity Trends and Challenges for Credit Unions
Speaker: Gerrit Boele
During these uncertain times, credit unions must remain vigilant as challenges within the cyber threat landscape continue to multiply. Strained resources, unrelenting cyber threats, and a new normal stand between you and the future of cybersecurity... so, how will your organization prepare to navigate the changes on the horizon?
In this session, we will discuss the top cybersecurity trends and challenges facing credit unions.
Key topics that will be covered include:
- The increasing sophistication of cybercriminals
- Preparing to expect the unexpected
- Understanding privacy compliance and how the California Consumer Privacy Act (CCPA) can affect you
- Overview of the NCUA’s Automated Cybersecurity Examination Tool (ACET) and how you can best prepare for exams
- Third-party vendor due diligence and compliance challenges
The Security Operations Approach - Ending Cyber Risk for Credit Unions
Speaker: Matt Duench
Cybersecurity is a moving target. While traditional security tools and platform vendors chase the latest threats and pivot to align with the latest trends, overwhelmed security teams are left feeling the pain of implementing and managing underperforming products.
Join this webinar to hear from Arctic Wolf's Matt Duench, product marketing manager, as he covers how to see through the cybersecurity hype and get to the heart of what capabilities you need for effective security operations.
During this webinar, you will learn:
- Why credit unions need to focus on operations more than new tools
- Five functions every security operations team needs to master
- The state of security operations at credit unions today
- How credit unions improve security operations
Recorded eSchool length: 13.5 hours
This eSchool is available to CUNA Training Bundle users at no additional cost.