NCUA Exams Will Assess Cybersecurity
NCUA examinations will include an assessment of a credit union’s ability to mitigate cybersecurity threats and respond to attacks, according to the agency’s annual report released Monday.
“Cyber-threats are another challenge financial institutions of all types must face head on. As federally insured credit unions increasingly offer online and mobile banking, they and their members, are at greater risk for cyber-crime,” said the NCUA’s annual report for 2013. “In response to this growing threat, NCUA examinations in 2014 will include an assessment of a credit union’s ability to assess and mitigate cybersecurity risks and respond to cybersecurity incidents.”
The NCUA warned that cybersecurity threats could originate internally or from any number of different sources, including international, state-sponsored and non-state actors, and from the broader payment system.
The report said the agency made some of its own enhancements to stay at the forefront of information security.
According to the NCUA, the Federal Information Security Management Act audit and the financial statement audits resulted in 60% fewer recommendations and about 50% fewer findings compared to previous audits.
“‘The New NCUA’ responds in real time to marketplace changes, including cybersecurity threats. In 2013, (the) NCUA’s Office of the Chief Information Officer completed a number of key initiatives, including working with Microsoft on a Proactive Adversary Detection Service engagement,” said the annual report.
“This engagement collected error logs and antivirus scan results. It also installed service information from all agency workstations and servers. The engagement found only minor malware remnants, which were removed by NCUA’s antivirus system.”
The report also said there was no evidence of intrusion, exploitation or compromise found on any server.
The Office of the Chief Information Officer successfully completed the implementation of End Point Protection software, which uses cloud-based, real-time intelligence to protect the agency’s systems against computer viruses and malware even when a user is not connected to the NCUA network.
“This solution provides NCUA with multiple layers of protection on all workstations,” said the report.