Improving Cybersecurity and the Bottom Line
Bay Federal's CIO discusses the CU's journey to offering better membership services while improving security and compliance.
Managing $995 million in assets on behalf of 71,000 members often means finding efficiencies to do more with less, a challenge many credit unions face. For example, the IT team at Bay Federal Credit Union is charged with managing all aspects of the IT infrastructure, including issues related to cybersecurity and compliance. With such a wide breadth of responsibility, it becomes challenging to accelerate projects to help the top and bottom lines while, at the same time, improving our cybersecurity and meeting compliance obligations.
At Bay Federal, we recently implemented security innovations that freed up resources to accelerate the business while also improving our cybersecurity maturity.
Leveraging Cybersecurity Best Practices
Credit unions need to maintain an optimal cybersecurity posture and meet compliance obligations. A cybersecurity best practice is to establish a security operations center (SOC) that aggregates telemetry from various systems and allows analysts to comb through data to find anomalies and indicators of compromise, and to identify potential threats. A SOC is also a linchpin for reporting to meet a variety of compliance regimes, such as PCI DSS and those from the NCUA. But establishing a SOC is anything but easy. It requires costly infrastructure like security information and event management (SIEM) software, along with the necessary security analyst headcount to provide 24/7 monitoring.
An on-premises SOC was beyond our budget at Bay Federal, even though the capabilities of a SOC were essential for a comprehensive cybersecurity program. We sought alternatives and discovered SOC-as-a-service offerings that included managed detection and response (MDR) capabilities providing a force multiplier for our IT team. MDR is a new category of services – the industry analyst Gartner said it sees about 5% of businesses using MDR today and expects that number to triple to 15% by 2020. Since we’ve been using MDR services, we’ve been able to redeploy IT staff to projects outside of cybersecurity that drive business initiatives, and increase revenue and the bottom line.
MDR Augments Your IT Team
Our MDR partner, Arctic Wolf, does not eliminate the need to have skilled IT security staff on hand, but it allows us to maximize the talent we have. There is no way I could hire, train and retain the eight to 12 analysts that I would need to provide 24/7 monitoring. By using SOC-as-a-service, our partner hunts for threats in our environment and alerts us when something significant is occurring. It supercharges our IT staff.
Our MDR partner gave us 90% of what we needed out of the box and generated the additional 10% through customized reports that are part of the base service. We will spend less time in audits and examinations because a concierge security team generates the reports we request. These concierge security services provided by MDR will help us tighten our security and meet our NCUA and PCI DSS obligations.
An optimal SOC-as-a-service meets today’s needs and scales services as your credit union evolves. That involves accommodating your existing on-premises environment as well as monitoring your cloud environment, such as infrastructure-as-a-service like AWS and Azure or software-as-a-service like Office 365, G Suite and Box. While I encourage you to explore any and all offerings, look carefully at traditional security vendors/partners.
MDR Services Free IT to Drive Business Initiatives
As a CIO, one of my challenges is figuring out where to invest to accelerate our business. This means projects to increase membership and reduce costs, as well as manage cybersecurity risk and meet compliance obligations. MDR allows me to improve security and compliance while also being able to strategically redeploy headcount to accelerate projects that improve the business outcomes for members. It will help Bay Federal provide better membership services while improving security and compliance.
Richard Roark is Vice President and Chief Information Officer for Bay Federal Credit Union. He can be reached at 831-479-6000 or rroark@bayfed.com.