.jpeg)
With financial services switching to ever-increasing digital platforms, the call for more advanced cybersecurity systems and procedures is crucial to a credit union’s operations. A key factor that credit unions need to consider is the difference and importance of both detective and preventative cybersecurity software.
Across the industry, credit unions have put an overreliance on preventative products such as Intrusion Prevention Systems (IPS) or Anti-Virus protection, etc., which has fostered a false sense of security. Preventative products work by stopping processes believed to be malicious which often lead to false-positives that can create business disruptions. For example, the stoppage of a loan process. While this practice may be important to conduct business, it can also leave openings for hackers to exploit. Introducing the question that keeps CEO’s awake at night; “How secure is my credit union from a cyber-attack?”
“While prevention is ideal, detection is a must.”
Credit unions believe the cyber detection included in their firewalls will ward off all attacks. However, is your credit union making use of the events from disparate systems? Is your IT Department manually reviewing events on the firewall, Microsoft Active Directory, Anti-Virus server, and every other system that logs events? After reviewing all that information, is your team able to make connections between the events of disparate systems that might lead them to believe there has been a compromise? For the majority of credit unions, the answer is no.
The best way to view every threat in your environment is with a System Information Event Management (SIEM) and centralized Log Management system. It provides the desired ability to store and correlate events from all your internal systems into a centralized, managed interface. SIEM and Log Management not only aids with compliance, it reduces a credit unions exposure to compromises by lowering the time to detection. When a compromise happens, it means your preventative measures have been by-passed. It could be an employee browsing an infected web server on the internet, an accounting personnel opening an infected invoice attachment in email, or an unpatched system vulnerability. According to IBM’s 2018 Cost of Data Breach Study: Global Overview, in the year 2017, US companies Mean Time to Identify (MTTI) a data breach was 201 days. Also noted in the report is the longer a data breach goes undetected the costlier it becomes. Once this breach occurs, how long will it take someone in your credit union to realize the compromise?
As a CUSO, United Solutions Company (USC) felt we were in a unique position to help credit unions with their security. USC has been managing Data Processing systems and back office operations for over 35 years. This experience has given USC insight into how security affects the day to day workings of a credit union. USC works daily in these areas with the credit unions’ staff and assist credit unions in securing their networks and ensure industry compliance so they can focus on serving their members.
USCs CU Assured product is a Managed Security Service Provider (MSSP). When purchasing CU Assured, United Solutions handles the deployment, maintenance and monitoring. Deployment includes the incorporation of all network devices with an IP address for asset tracking. The installation of Host Intrusion Detection Software (HIDS) on servers and PCs. A setup of Network Intrusion Detection Sotfware on your core switch (NIDS). The scheduling of monthly vulnerability scans and much more. Once deployed, CU Assured monitors your network for Indicators of Compromise (IoC). When appropriate the organization will receive alert email, SMS or phone alerts. If necessary, CU Assured can step in to assist with remediation.
USCs, CU Assured offers the best preventative and detective solution services in the market with the price. Check out our website at www.cuassured.com to learn more.
