Fire drill or cyber drill? – It’s time to build muscle memory for new risks

by Robin Remines

One of my favorite responsibilities as a BCP partner is performing tabletop exercises. During this half-day event, we engage our credit unions in very realistic scenario-based exercises meant to stretch the comfort level of the participants and identify gaps in the DR/BCP strategies. Traditionally, the scenarios are often environmentally based – hurricane, tornado, earthquakes and so on, depending on the credit union’s risk profile. In 2013, however, I began using a “cyber-threat” scenario, which to my surprise quickly became the most powerful scenario I’ve used to date.

Why?

Cyber-threats are common to ALL credit unions without exception.

Unless your credit union has absolutely NO ties to the internet, you should be concerned about cyber-threats. I’ve said it in previous posts and I’ll emphasize it here again (in caps, no less): it is WHEN, not IF! Your credit union should be preparing for and EXPECTING a cyber-related service disruption, much like you already do for robbery or infrastructure-related risks like fire and evacuation drills.

The likelihood and impact of a cyber-threat are often grossly miscalculated or unknown.

This is the most alarming and consistent finding during 2013. Credit unions are seemingly unaware of their heavy reliance on the internet. You know that loan application you upgraded in 2013? All of those cool integrations (credit scores, BK reports, etc.) aren’t embedded in the package. They are a result of built-in ties to other applications via the internet. You can’t protect what you don’t know exists.

Another equally alarming misperception is that a cyber-attack generally means a complete outage. This is not the case, as was discovered by our friends over at Radware. Author Motty Alon hit the nail on the head with a recent blog post titled “Much More Than An Outage” where he reveals that “most Denial of Service attacks, 60% of them, result with degradation of the service level and slowness of the application or external web site. Only 27% result in a complete outage.” Degradation of service can cripple your credit union, with both internal staff and members being seriously impacted for a long period of time! We’ll explore this in more detail in our next blog.
