Plans concerning supply chain attacks can be broken up into two categories: Those related to controls and standards put on a third-party that a credit union does business with, and those that dictate how a credit union will respond to a breach – internal or otherwise. Standards, processes and procedures that credit unions should put in place to ensure they are prepared for a supply chain attack include:

Establishing a third-party risk management program that evaluates the security of providers before using their services, sets security standards they must meet and audits them on a regular basis.
Including language within contracts to be notified within a specific time of a breach of the third-party and/or the credit union's data.
Monitoring the security of the providers you do business with. Ensure that you'll know if they are breached or if a vulnerability is found in their software.
Classify your data, document who has it and what data they have. This will ensure that if there is a third-party breach, it can be quickly determined what is at risk.

Credit unions should also establish the processes and procedures to be able to effectively react to breaches when they occur. Steps that can be taken now to reduce the impact of a breach and provide faster resolution include:

Creating an incident response plan that defines how the organization reacts to an incident, what internal team responsibilities are and who should be contacted.
Monitoring the internal environment for security anomalies, investigating alerts, and quickly responding to internal incidents.
Generating communications guidelines that define internal and external communications and who performs them, and creating templates or holding statements that can be quickly modified during an incident.
Establishing third-party relationships to assist during an incident. This includes cyber insurance, an incident response retainer, legal counsel and crisis communications.
Having a patch management program that ensures vulnerabilities in software are patched quickly.
Fostering a culture of security within the organization, educating employees and providing methods they can report security incidents without fear of repercussions.

Unfortunately, supply chain breaches – originating internally or at third-party providers – are inevitable. This is even more concerning given the sensitive data that credit unions hold. However, preparing for breaches now will ensure that credit unions can respond quickly, limit their impact and recover with little, if any, downtime.

Instant Insights /

Supply Chain Attacks Are Inevitable – Here's How to Prepare for Them

Related Stories

Recommended For You