Working with credit unions of all sizes for just under 12 years now in the realm of cybersecurity, it was evident that collaboration is the key to combat the adversaries around the world. My impression was backed up in the summer of 2014 when the Federal Financial Institutions Examination Council (FFIEC) piloted a cybersecurity examination work program (Cybersecurity Assessment) at over 500 community financial institutions to evaluate their preparedness to mitigate cyber risks. One of the key findings was that there is a serious need to enhance threat intelligence and collaboration.

With credit unions trending to acquire community charters, competition plays more of a role than collaboration. Although competition can be healthy, it doesn’t prove to be a positive thing when fighting cybercrime. The FFIEC published the following four questions for credit unions to consider:

1. What is your process to gather and analyze threat and vulnerability information from multiple sources?
2. How do you leverage this information to improve risk management practices?
3. What reports are provided to your board on cyber events and trends?
4. Who is accountable for maintaining relationships with law enforcement?

continue reading »