Maintaining situational awareness of current and emerging threats is increasingly becoming the cornerstone of an effective cybersecurity risk-management program.
A cybersecurity threat is defined as any circumstance or event with the potential to adversely impact an organization’s operations—including mission, functions, or reputation—by affecting its information technology or communication infrastructure through unauthorized access, destruction, disclosure, modification of information, or denial of service. Threats to IT and communication assets vary greatly and may include such things as malicious actors, malware (viruses and worms), accidents, and even natural events, such as weather emergencies.
Threat identification and response begins with collecting useful threat information from reliable sources, interpreting that information within the context of your credit union’s operations, and responding to threats that have the means, motives, and opportunities to adversely affect the delivery of services to your members. These responses can take many forms, including simple steps such as adjusting the security settings on your IT systems.
Indicators of emerging cyber threats can also be found internally, in part through the logging and monitoring of IT, networking and communication infrastructure assets. Logging records network traffic and events related to your operations and security, and it can help identify a compromised system. Logging should be enabled based on an asset’s potential impact if it is compromised: the greater the potential effects of a compromised asset or system, the more data your credit union should collect about the asset. Ideally, log files are then consolidated and analyzed to identify signs that your systems have been compromised.
It is also important to keep up to date on cybersecurity events and threats to your credit union. To do this, your credit union should subscribe to one or more information sharing resources to ensure your systems and staff are up to date on the shifting tactics and methods criminals and other actors use to compromise your institution’s information security and systems.
There are many sources of threat information, including open-source information like the internet and media, paid threat-analysis services, federal agency resources, and information sharing and analysis centers and organizations.
Rapid response to new types of cyber threats can significantly improve a credit union’s security posture and help protect consumer information more effectively. Credit unions should also maintain and regularly update a list of law enforcement contacts and regulatory agencies that can provide assistance if a cyber incident occurs.
The list below provides several federal and federally sponsored resources credit unions should consider to gain greater awareness of threats and events.
Executive Order 13691 directed the Department of Homeland Security to encourage the development of information sharing and analysis organizations beyond the traditional infrastructure sectors. The mission of this organization is to enable and sustain credit union critical infrastructure cyber resilience and preserve the public trust by advancing trusted security coordination and collaboration to identify, protect, detect, respond and recover from threats and vulnerabilities.
In collaboration with the U.S. Department of the Treasury and the Financial Services Sector Coordinating Council, the FS-ISAC’s mission is to enhance the financial services sector’s ability to prepare for and respond to cyber and physical threats, vulnerabilities and incidents, and to facilitate communications across the financial services sector during an emergency.
A resource of the Department of Homeland Security, the Computer Emergency Readiness Team leads the government’s efforts to improve the nation’s cybersecurity, coordinate cyber information sharing and proactively manage cyber risks.
A partnership between the Federal Bureau of Investigation and the private sector, InfraGard is comprised of representatives from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.
The mission of the Internet Crime Complaint Center is to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI on suspected internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners.
This is the Department of Homeland Security’s flagship program for public-private information sharing and complements the Department’s ongoing information sharing efforts. Through CISCP, the Department and participating companies share information about cyber threats, incidents, and vulnerabilities.
The Department of Homeland Security’s Automated Indicator Sharing capability enables the exchange of cyber threat indicators between the federal government and the private sector in real time. Ultimately, the goal is to commoditize cyber-threat indicators through AIS so these indicators are shared broadly among the public and private sector, enabling everyone to be better protected against cyberattacks.