There are some things in life that immediately evoke another when you think of them. Peanut butter and jelly, movies and popcorn, remote work, and sweatpants (I know you can all relate).
And speaking of sweatpants, it's become clear that the remote work trend is here to stay in some shape or form, even for credit unions who have been back in the office and on the front lines for some time.
If you, your team, and your members are accessing applications on the internet whether in the office, at a branch or at home, you are all accessing the cloud and therefore are exposed to cyber-attacks. While remote work has many benefits, the sudden revolution has left significant gaps.The BSA, a trade organization that represents software giants like Apple and IBM, estimates that
“1 in 3 software products in use is unlicensed and unmanaged” and Cybint, a global cyber education firm, states there is “a hacking attack every 39 seconds and 95% of attacks are due to some kind of human error in daily practice or up the chain in strategy.”
Cloud and cybersecurity must be thought of as inseparable and addressed collectively, and the tools, processes and people that use, support, and access them should be constantly reviewed. As with any danger, understanding your threats and your ability to defend yourself lies at the core of being able to protect yourself.
In partnership with Think|Stack, Filene recently conducted a research project asking credit union leaders and their vendors where their organizations are on their cloud and cybersecurity journey.
The research focused on key threats, cybersecurity frameworks, IT maturity and cyber posture along with key talking points in cloud and cybersecurity.
The top threats are malware, ransomware, advanced persistent threat, phishing attacks, and social engineering.
Each of these threats requires several protocols to effectively defend your organization from them. There is no single solution or “quick fix”. Only a comprehensive approach can help mitigate the risks.
While frameworks like NIST can be helpful in providing a starting place, credit unions need support to understand gaps and the specific elements that may need to be addressed. During the research study interviews, credit union leaders shared some concerns about their team’s abilities to protect themselves and that some CUs ignore threats and “hope for the best”:
“I’m not sure whether our team is fully capable of defending us.”
“Some credit unions bury their heads and think it won’t happen to me."
While other credit unions expressed concern about the ramifications of a high-profile breach on an organization and the industry at large:
“If credit unions don’t have the controls in place to avoid data breaches, there is a reputational risk because it’s competitive space they are in. Customers can go elsewhere.”
The study also addressed some myths and misconceptions around security, and the financial impacts of a cloud strategy. As mentioned, most credit unions are already accessing the cloud on a day-to-day basis whether they have a strategy and security posture around their cloud practices or not. The study found that credit unions that understand how to leverage the cloud as a tool are seeing benefits and positive outcomes.
“Cloud computing opens up opportunities for growth for smaller credit unions.”
“[Cloud-based technology provides] access to amazing computing power but [you] pay only for what you use.”
Finally, and most importantly, the study wraps up by addressing member impacts and asking if mitigating risk has to be done at the expense of the member If there is a “we don’t know what we don’t know” mentality when it comes to cyberthreats, wouldn’t it be the same “don’t know” issue when it comes to the member impact?
This is a key point and one that deserves consideration especially as members continue to demand more seamless “Amazon-esque” technology experiences.
Luckily, Amazon has a cloud for that - Amazon Web Services (AWS) - and with the right understanding of your shared responsibility when it comes to securing your holistic environment, you can leverage all the power of the cloud while working securely within your risk tolerance and budgets.
If you would be interested in joining the conversation for the next phase of research, please contact Tim Foley, Chief Growth Officer for Think|Stack, a cloud solution and managed IT CUSO. He can be reached at email@example.com.
About the Author
Chief Growth Officer