NAFCU Services Blog

By Nick Curcuru, VP Global Big Data & CyberSecurity Practice, Mastercard

Building a sustainable cybersecurity program is crucial for credit unions, as 61% of cyberattacks are aimed at small- to mid-sized businesses, particularly financial institutions, according to the 2017 Verizon Data Breach Investigations Report. Lack of a strong cybersecurity program can be disastrous financially and in terms of reputation risk.

Companies looking to create cyberdefense programs must focus on 6 key areas:

1.        Governance and Risk Management
2.        Implementation and Design
3.        User Authentication and Authorization
4.        Prevention and Defense
5.        Data Protection and Encryption
6.        Monitoring and Response

Plenty of standards documentation exist, including ISO and NIST. The NIST Model, which NCUA refers to in its Cybersecurity Resources, breaks it down into these five components:

1.        Identify
2.        Protect
3.        Detect
4.        Respond
5.        Recover

For these programs to be successful, active management and use are required. Continuous improvement is necessary to stay ahead of outside threats. Credit unions must continuously test their programs, evaluate their effectiveness, set metrics for success, constantly monitor internal and external threats, educate employees, and collaborate with partners to maintain a strong defense.

Cyber defense programs and customer expectations call for companies to be responsible stewards of personal data. This ethic requires companies, such as credit unions, which hold personal consumer data to protect the information. Standards, specifications, and laws have set minimum requirements, but it’s not always enough. It is up to the enterprise to govern the internal program and maintain the security and usability of these sensitive records.

You’re thinking this is expensive. While cyber defense programs and solutions do come with considerable cost, it is substantially lower than the remediation and impact to your business if your credit union falls victim to a cyberattack. According to a Ponemon Institute study, financial institutions have among the highest cost in cyberattacks due to the impact to customers. Not only does it end up costing the financial institution $215 per record, but more than 50% of victims consider changing financial institutions and 13% blame the institution. Compare that to the cost of prevention: approximately $73 per record. The value of preventing a cyberattack is clear. Couple those savings with the savings in customer retention, reputation, and remediation, a strong cybersecurity program is the way to go.

Continue the conversation by watching the full webinar on demand now