What is a SIEM and does my credit union need one?

With the ever-increasing threat of a cyber security issue impacting your credit union, and ever-increasing regulation, SIEM (Security Incident Event Management) is a real opportunity for credit unions to elevate their cyber security program. Over the past 20 years I have watched credit unions deploy a patchwork of cyber security tools with varying degrees of success. Some credit unions are good at budgeting for the tools, some for the labor, but very few successfully sustain the ongoing care, feeding and investment that a robust cyber security program requires. In many cases, Ongoing Operations is hearing from its clients that they are spending over 85% of their IT resources just on keeping up with basic operating needs.

Cyber security defense and hacking both advance through an endless game of cat and mouse that requires the modern credit union to be nimble, sophisticated and, most importantly, aware. SIEM is a critical part of this system. In most credit unions (if they have implemented 80% of the NCUA requirements), there is a never-ending feed of data from disparate sources. Spam filters, web filters, anti-virus, firewall logs, and intrusion detection systems are just a few. Generally we find credit unions have about 15-20 sources of information that they need in order to determine the current cyber security status of their environment. Given that most would be hard pressed to give even a 90% accurate count of their devices (PCs, smart phones, printers, etc.) on any given day, it seems unlikely that they would even be aware that an attack is going on.

SIEM aggregates all of this information into one data feed. Logs, inventory, event information, and even login activity are all aggregated together, and then pattern recognition can be applied. A well-deployed credit union SIEM allows the organization to recognize typical hacker behaviors such as multiple login attempts from multiple workstations or employees accessing unusual files. Of course, there are countless attack vectors that can be used to exploit almost any credit union. Hence, early detection and recognition are absolutely essential to knowing that something shady is going on. Without a SIEM, the credit union would spend countless hours scouring log files trying to correlate things. Imagine your accounting department looking in 10 different General Ledgers trying to detect a check kiting incident. It would be almost impossible, yet somehow we expect that from our IT departments or CISOs (Chief Information Security Officers). SIEM offers the promise of 24/7 eyes watching, waiting, and looking for unusual activity so that it can be A) detected and B) stopped before significant damage occurs.
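The correlation described above, sketched as an added example (not Ongoing Operations' code or any SIEM product's rule language): two constructed log feeds in assumed formats are normalized into one stream, and a rule flags an account with failed logins from several workstations inside a short window. The log formats, thresholds, hostnames and usernames are illustrative assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data; both log formats are assumptions for illustration.
DC_LOG = """\
2024-03-04T09:00:05 AUTH_FAIL user=jsmith host=TELLER-03
2024-03-04T09:00:40 AUTH_FAIL user=jsmith host=TELLER-05
2024-03-04T09:20:00 AUTH_FAIL user=mlee host=BACKOFFICE-01
2024-03-04T09:45:00 AUTH_FAIL user=mlee host=BACKOFFICE-01
"""
VPN_LOG = """\
04/03/2024 09:01:10|login-failed|jsmith|LOAN-07
04/03/2024 09:01:30|login-failed|jsmith|LOAN-07
04/03/2024 09:03:00|login-ok|akhan|REMOTE-11
"""

def parse_dc(text):
    """Normalize domain-controller style lines to (time, user, host, ok)."""
    for line in text.splitlines():
        ts, action, user, host = line.split()
        yield (datetime.fromisoformat(ts), user.split("=")[1],
               host.split("=")[1], action == "AUTH_OK")

def parse_vpn(text):
    """Normalize VPN style lines to the same tuple shape."""
    for line in text.splitlines():
        ts, action, user, host = line.split("|")
        yield (datetime.strptime(ts, "%d/%m/%Y %H:%M:%S"), user, host,
               action == "login-ok")

def correlate(events, window=timedelta(minutes=5), min_fails=3, min_hosts=3):
    """Alert when one account fails on min_hosts distinct hosts within window."""
    recent = defaultdict(deque)  # user -> failures still inside the window
    alerts = {}                  # user -> (time of first alert, hosts involved)
    for ts, user, host, ok in sorted(events):
        if ok:
            continue
        q = recent[user]
        q.append((ts, host))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        hosts = {h for _, h in q}
        if len(q) >= min_fails and len(hosts) >= min_hosts and user not in alerts:
            alerts[user] = (ts, sorted(hosts))
    return alerts

def run():
    """Merge both normalized feeds into one stream, then apply the rule."""
    feed = list(parse_dc(DC_LOG)) + list(parse_vpn(VPN_LOG))
    return correlate(feed)
```

Neither feed triggers the rule on its own; only the merged stream does, which is the practical argument for aggregating sources before applying pattern recognition.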

Implementing SIEM for your credit union today should be a top priority for budgeting and for ensuring that you are adequately protecting your members’ data and your credit union’s reputation. Learn more about how Ongoing Operations can help your credit union by contacting us at info@ongoingoperations.com or visiting www.ongoingoperations.com.

Kirk Drake

Kirk Drake is founder and CEO of Ongoing Operations, LLC, a rapidly growing CUSO that provides complete business continuity and technology solutions. With its recent acquisition of Cloudworks, Ongoing Operations ... Web: www.ongoingoperations.com