Current Geopolitical Events Increase Likelihood of Imminent Cyberattacks on Financial Institutions
Financial Institutions, Large and Small, Included in Potential Targets to U.S. Critical Infrastructure
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has recently issued two alerts addressing risks from Russian State-Sponsored cyber threats (opens new window) and highlighting recent malicious cyber incidents suffered by public and private entities in Ukraine (opens new window).
Given current geopolitical events, the NCUA, along with CISA, the Federal Bureau of Investigation, and the National Security Agency encourage credit unions of all sizes and their cybersecurity teams nationwide to adopt a heightened state of awareness and to conduct proactive threat hunting. In addition, COVID-related supply chain disruptions may require management to reevaluate previously held assumptions for business continuity and disaster recovery plans.
Credit union leadership should be aware of critical cyber risks and take urgent steps to reduce the likelihood and impact of a potentially damaging compromise. All credit unions, regardless of size, are potentially vulnerable to cyberattacks.
We highly encourage you to review the two CISA issuances and act on the applicable recommendations. It is crucial that your organization does its part to improve its resilience, reducing the risk of compromise or severe business degradation.
The NCUA recently created the Automated Cybersecurity Evaluation Toolbox (ACET) for federally insured credit unions to evaluate their cybersecurity posture. For more information, please visit the NCUA’s cybersecurity resources website.
Should your credit union experience a cyber incident, please contact FBI’s 24/7 Cyber Watch (CyWatch) at 855.292.3937 or by e-mail at CyWatch@fbi.gov. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. To request incident response resources or technical assistance related to these threats, contact CISA at CISAServiceDesk@cisa.dhs.gov or 888.282.0870. We also encourage credit unions to report identified cybersecurity incidents to their district examiner and EIMAIL@NCUA.GOV as soon as practicable.
Cyberattacks and cybersecurity vulnerabilities pose significant risks to the financial system. Because of vulnerabilities within the credit union industry and the broader financial system to potential cyberattacks, cybersecurity is one of the NCUA’s top supervisory priorities and a top-tier risk under the agency’s enterprise risk-management program. The information contained on the NCUA’s Cybersecurity Resource Center is offered as a resource for research and informational purposes to help credit unions improve their cyber resilience
The NCUA has made a good-faith effort to collect and post resources from the agency and those throughout the federal government and private sector. The content in this resource center may not reflect all of the requirements or guidance in the area of cyber and information security and should not be construed as requirements except as noted. The NCUA does not endorse any vendor, service, or product. When you access links on these webpages, you may leave the NCUA’s public website.