Print
"Risk is only increasing, and the threat to credit unions is ever-changing and real. The Federal Financial Institutions Examination Council (FFEIC), which the NCUA is a member of, new Cybersecurity Assessment Tool is an important part of mitigating risk and preventing cybersecurity breaches," remarked NCUA Information Systems Officer, Patrick Truett, in a presentation before credit union leaders at the Maine CU League's Management Roundtable in Rockport. Though not part of the original program, the presentation was added because, as League President John Murphy noted, "This new tool's inclusion as part of the examination process in 2016 is something that our credit unions need to understand, and utilize. Its timeliness and importance led us to reach out to the NCUA to include it as part of this program before this audience."
Truett said that new cybersecurity risks are occuring on a daily basis, this tool is designed to help identify those risks, measure preparedness and, ultimately, reduce a credit union's vulnerability. "We want to make it easier for information about risks and threats to be distributed more rapidly through a centralized database and better awareness. Malware, social networks, and global unrest are all contributing to the growing risk that we are facing today, especially in financial services. This tool helps to determine an institution's cybersecurity maturity. The Assessment provides institutions with a repeatable and measureable process to inform management of their institution's risks and cybersecurity preparedness," he explained.
The NCUA has identified the levels of cybersecurity maturity (preparedness) as baseline; evolving; intermediate; advance; and innovative. Truett said that the NCUA is primarily focused on credit unions achieving somewhere from the baseline to intermediate levels of maturity. These three levels encompass a credit union having timely patches, a formal cybersecurity program, accountability and regular patch testing.
The Assessment Tool will be updated annually so Truett urged credit unions to "provide feedback on how it works and what needs to be changed. This is just the first version, and the beginning of a dynamic process."
Resources:
NCUA Cybersecurity Assessment Presentaiton at Management Roundtable