By: Gene Fredriksen, Chief Security Strategist
I’m sure most of us are already thinking about business plans that will carry into 2020. You should also be developing a three-year plan around cyber resilience. Part of our planning is to ask, “What will the state of cyber security be in the year 2020? What will be important to the business? What will be most important to the regulators? What will the pace and sophistication of attacks mean to our defenses?”
The move to online and mobile banking has changed the credit union space forever. It is good for business and good for the members’ ease of use, but it brings significant risk that must be managed. Businesses and consumers now demand instant access to business goods and services, not just from their laptops, but also from their mobile devices. Driven by that demand, credit unions are opting to rely more and more on the internet to conduct business online. While the benefits of anytime, anywhere member access are clear, increasing reliance on the internet has its cons, particularly when it comes to a variety of cyber security issues. As the percentage of gross revenues from e-business grows, the risk to the business from cyber-attacks and outages also grows proportionally.
We all realize that we are significantly different from other financial service organizations. We are a not-for-profit, member-owned financial cooperative, democratically controlled by our members, and operated for the purpose of promoting thrift, providing credit at competitive rates, and providing other financial services to our members. Typically, we are regional, and have smaller IT, Security, and Compliance staffs. While the big banks have hundreds of information security workers, a typical larger credit union may have one or two. In a credit union, the resources wear many different hats. Big banks have security budgets of millions of dollars; credit unions’ security budgets are typically measured in the thousands. What does this mean? Without the significant people and financial resources of big banks, we must work smarter, sharing best practices and resources to provide the best security for our members. How should we gather and share our “collective smarts” for the good of the whole credit union industry?
Personally, my success has been rooted in asking questions and surrounding myself with really smart people. Information sharing is critical to the continued success of credit union cyber-security programs. We need a network of credit union focused specialists that we can reach out to when we have a question. Bob Bender, the CTO of Founders FCU calls this sharing system a “force multiplier.” We will never be able to hire dozens of cyber-security specialists for each credit union, but we can reach out to our peers every day, learning from each other and helping each other to be successful. After all, isn’t that the credit union way?