The cyber-threat landscape in today’s world is one of constant evolution, and when it comes to this rapid change, it’s always advantageous to be ahead of the curve.
We saw cybersecurity threats quite evidently in 2018, already widely considered to be one of the worst years involving cybersecurity breaches and blunders. And just because we all counted in the New Year with drinks in our hands does not mean we should expect a change overnight.
But there is some change and growth we foresee happening in your credit union security (and in credit unions across the country) over the next several months.
#1 – Cyber Security Will Finally Be Taken Seriously at the Executive Level
Cue the applause and fireworks. Yes! We can all be excited about this one! 2019 already seems to be shaping up as the year the C-Suite and Board of Directors begin to view cybersecurity as a key business risk.
I want to clarify before diving deeper into this – of course, the Board has always viewed security as important to business practices. But the experts here at Rivial believe that information security will be prioritized in a way that it hasn’t yet been before.
Does this mean that all banks and credit unions will consider security as a vital, core element of their business design, essentially making it a large focus in the basic fabric of their company and brand? Probably not. But a greater emphasis on security by the Board and executives will undoubtedly be a catalyst of change for most financial institutions. IT teams can more than likely expect higher funding and more attention paid to them by the Suits.
This change may feel like a double-edged sword to some; a greater focus on cybersecurity means Board members will expect clarity in areas they might not have explored before or do not have the technical background to understand right off the bat.
IT managers (especially those working at a credit union with an asset size under $2B) will need to refine the way they communicate risk. Using technical jargon or acronyms understood by only those in your professional field will not be effective; find a way to measure and demonstrate cybersecurity risk in financial terms that make sense to executives.
Remember, being able to effectively communicate with members of the board ultimately helps everyone: it gives the folks in The Room the ability to make informed decisions about risk management and compliance so they can properly allocate resources and hire personnel, and it gives you the chance to educate the most influential shareholders on how well your security program is performing, as well as where you could use their support to make improvements.
If you’d like more information on how to present to the Board of Directors, check out this article.
#2 – More CISOs: Whether They’re Virtual or Onsite
As we’ve explored above, someone with the unique skill set to be fluent on the technical side of IT as well as the business side of implementing a security program will be indispensable in the coming year. This position will be a popular one to fill this year, but not necessarily the cheapest investment your organization will make (this year, the average salary for a Chief Information Security Officer in the US is just over $220k).
One trend that gained some notoriety in 2018 – and we imagine will pick up some steam in 2019 – is the outsourcing of the CISO position to a third-party security provider. As we’ve covered in another article on using a virtual CISO to supplement your security team, a vCISO is little different from a traditional CISO: they both address the Board, establish and maintain the security program, implement strategy, and move the security program forward with the enterprise vision of the organization. The biggest difference is that the virtual CISO is not onsite full-time. Typically, a vCISO is a fraction of the cost of hiring someone full-time, and you receive the benefit of having an entire team of security experts dedicated to the one role.
As your credit union entertains the idea of hiring a CISO in 2019, be sure to explore the Virtual CISO option as well.
#3 – An Emphasis on Overall Housekeeping
With cybercrime on the rise, we expect all financial institutions across the country to tighten up their day-to-day practices. All too many attacks are the direct result of vulnerabilities caused by user error, and mitigating those risks requires a few further steps to be taken by your organization.
It doesn’t matter how many times the experts have said it, we’ll say it again: please, please employ Multi-Factor Authentication (MFA) measures. Sure, they might not be as speedy as entering a single password, but they will help to reduce your vulnerability to ransomware, phishing, and social engineering attacks.
Secondly, expect a greater emphasis on user training this year. Reducing human error is paramount to maintaining an effective and secure IT landscape. Although we did not see any major penalties after the inauguration of stricter laws like GDPR last year, we imagine there will be a hefty price to pay for companies in violation in the future. One way to ensure this does not happen to your organization is to educate your staff on the types of attacks they will likely encounter and how to prevent them from leading to a breach.
Rivial offers a comprehensive User Training course to banks and credit unions. Follow me here if you’d like to learn more about it.
Start off 2019 right with a secure organization. If you have any questions about your security program, feel free to contact us.