Credit Union Experts Provide More 2019 Cybersecurity Forecasts

What cybersecurity developments will affect credit unions the most in 2019/? In this second of a two-part article, we hear from some more credit union industry professionals who helped assess and predict security expectations for the year.

The threat of cyberattack will continue to be a major concern across all industries, Mike Morris, systems partner, Porter Keadle Moore, LLC, said. “These attacks threaten not only the data and security of both members and organizations, but could also damage the hard won reputation shared by most of today’s credit unions.” He added, they must take active steps now to develop the necessary protocols for combating and preparing for this issue. Credit unions should revisit and assess their overall risk and level of preparedness, identify potential areas for concern, and then develop risk management practices and security strategies to mitigate these risks.

“While internal controls are important, the human element continues to be a significant vulnerability, so credit unions should be diligent and thorough when it comes to training both employees, as well as their members, on possible threats,” Morris stated. Specific areas to think about include:  data loss prevention, network segmentation, vendor cyber resilience reviews, log management and protection, employee and member cybersecurity awareness, and computer forensic consulting.

Julie Esser, chief engagement officer, CULedger, said at the heart of cybersecurity crises is usually identity verification. “The first step of any transaction is confirming a member’s identity, and the traditional way of verifying a person’s identity digitally is quickly becoming outdated.”

Esser noted digital identities have mostly existed in siloes, usually in the form of a username and password, PIN, security questions or biometrics, and place a high-risk burden on financial institutions. “New, highly secure sources of digital identity will start to make waves in the credit union industry in 2019. Distributed ledger technology is a new technology that enables credit unions to verify identity through digital channels by enabling a self-sovereign identification method.”

The governance systems for cyberrisk management and oversight will be tested this year like no other, said Keith Malbrue, chief information officer for the $1.42 billion, Dallas-based Credit Union of Texas. “Board members and staff who are designated a role of managing this program need to ensure compliance including third party contractors. Responsibilities will include awareness of policies, procedures and standards currently in place.”

Malbrue anticipates examiners will focus on information security, business continuity planning, disaster recovery and Gramm Leach Bliley Act compliance. Other regulatory guidance will be tested as well.

As organizations increase their efforts to remain resilient to cyberattacks, fraudsters are finding more creative ways to attack them, Steve Sanders, vice president of internal audit, Computer Services, Inc., emphasized, “For IT leaders within financial services, identifying and preventing fraud has become the most arduous facet of their job.”

Sanders detailed the biggest threats facing credit unions in 2019:

1. Applications, and the infrastructure that hosts them, have become go-to targets for attackers. Every line of code represents a new risk, so make application security a high-level priority.
2. Using the cloud provides organizations many advantages. However, cloud services also increase the scope of data responsibility. It is important to ensure storage settings are properly set to keep data private.
3. Many credit unions depend on easily accessible bots to enhance customer service. But there are also bad bots that can expose an institution to a variety of direct and indirect attacks, from increasing advertising costs through false clicks to a DDoS attack. “Ensuring controls are in place to detect and deter illicit bot activity is a great way to reduce your risk profile.”
4. Machine learning and artificial intelligence are giving attackers the means to predict new passwords based on previous credentials, providing easier entry into websites, servers, etc.
5. Data aggregation has become a robust revenue stream for many organizations, which has led to increased scrutiny from global governments. “Laws like the European Union’s General Data Protection Regulation and the California Consumer Privacy Act aim to give consumers more control over their data. Because these laws apply to your members’ location, not your institution’s, you should familiarize yourself with them now and start making preparations to address these emerging privacy requirements.”

Credit unions will face new and more sophisticated threats from emerging newcomers such as nation state actors and attackers focused on cybercrime for economic growth, Mark Ernest, senior manager, security and threat intelligence, Member Driven Technologies, said. “This is evidenced through many of attacks attributed to North Korean hackers, such as group APT38, attempting to steal more than $1.1 billion dollars from banks around the world since 2014.”

Ernest also suggested, as risk and fraud continues to be a huge concern for credit unions in 2019, they must proactively implement cybersecurity solutions whether handled in house or through outsourcing to an accredited third party. “Credit unions must have a series of sound prevention methods such as two-factor authentication and the ability to identify and respond to malicious activity in a timely manner.”

For Eric Brandt, senior market analyst, D3 Banking, 2019 will bring new and improved security standards allowing credit unions to offer more convenient banking services, including functional voice banking such as through Amazon Echo, Google Home and Apple’s Siri. “With the right security in place, members can feel at ease making transactions, asking for recommendations and managing their finances with voice technology.”

Brandt pointed out security concerns stalled the proliferation of such services in 2018, but those concerns are quickly being addressed. “Credit unions are in a unique position to test out new products and features like this thanks to their loyal member base. This can give them an edge on the larger financial institution competition.”