Credit Unions Face Cyber-Terrorism Threat: Onsite at GAC
WASHINGTON – Cyber-terrorists who seek to cripple or destroy the U.S. infrastructure threaten financial institutions, NCUA Chairman Debbie Matz told a CUNA Governmental Affairs Conference audience here Monday morning.
“Attacks, intended to create disruption, can crash networks but can also serve as a diversion for more damaging assaults,” Matz told a packed general session. “Imagine cyber-terrorists stealing passwords from your credit union and using (it) as an entry point to gain access to every payment system and every vendor with which you have a digital relationship.”
That scenario is more than just a what-if. Matz said hackers already breached a mid-sized credit union and used the credit union’s passwords to access one of the larger credit bureaus.
“From there, the hackers stole credit reports on hundreds of people who weren’t even credit union members,” she said.
To help credit unions fight the threat, Matz announced a new page on the NCUA’s website that provides information, including preventative measures credit unions can take. The NCUA is also participating in a cyber-threat working group with other regulators, law enforcement and intelligence communities, she said.
At the NCUA, Matz said, stringent security measures are in place to protect members’ information.
Matz urged officials to protect their credit unions by working collaboratively with their information technology teams, vendors, and other credit unions. She offered three specific ways credit unions can protect themselves from cyber terrorism:
- Implement appropriate risk-mitigation controls to better protect, detect and recover from cyber-attacks. This includes vendor due diligence, strong password policies, proper patch management, employee training and network monitoring.
- Make sure IT staff and vendors are on top of emerging cyber-threats. Hire experts who can be counted on to answer the very tough question: “Is my credit union really protected?”
- Get educated. Share cyber-security best practices with each other at league meetings, chapter meetings and professional groups. Participate in national information-sharing forums.
Matz also encouraged credit unions to review the National Institute of Standards and Technology cyber-security framework to evaluate how the standards could further protect credit unions and their members. The standards are part of President Barack Obama’s cyber-security goals, she said.
Matz also touched upon interest rate risk, urging her audience to avoid chasing short-term yields and instead keep investment portfolios that mitigate long-term risk.
“It’s easy to fall into the trap of chasing near-term profits by concentrating your portfolio in long-term investments, but falling into this trap will imperil your credit union,” Matz said. “Credit unions cannot afford to ignore this,” she said. “Ignoring rising rates is like pitching a tent on the beach at low tide. That tide is shifting. This swing from unrealized gains to unrealized losses marks a dangerous warning of things to come.”