by: Robin Remines
According to theJanuary NCUA Report, “In 2015, NCUA willredouble its effortsto ensure that the credit union system isadequately protected from cyber threats. Field staff will be reviewing credit unions’ability to manage information security, including their capacity to detect cyber-attacks and perform sound due diligence with regard to any third-parties that handle credit union data.”
And if that’s not enough to get your blood pressure up,the report emphasizes that cyber security is among thethree supervisory priorities for 2015(interest rate risk and BSA Compliance are the other two).
And to keep it interesting – NCUA will also be focusing on credit unions’ ability to recovery from a security breach – in other words – where is your Incident Response Program?
It is clear that NCUA isn’t taking cyber risks lightly. And while the attention is warranted, credit union CIO’s are left without specific guidelines on whatspecifically“adequately protected” means. This reminds me of when I was a VP/IT at a credit union and NCUA required a pandemic plan. We all knew we needed a plan yet were left wondering if our efforts would really be effective if that scenario was played out.
