2018, a year in which an estimated $1.5 trillion were stolen by cybercriminals as illicit profit, is finally behind us! Yes, you read that correct – $1.5 trillion. If there were a comic line that existed with the ability to soften that number, we would place it here. But, alas, we’re left with just this gut-wrenching stat.
With cybercrime securing top headlines all over the globe, industries including the financial realm are now approaching their information security with an unprecedented level of care and interest. And this is a good thing – despite the fact that it took a figure like $1.5 trillion to spur this kind of action (okay, that’s the last mention of that number, I promise).
As we’ve discussed before, mid-sized credit unions are particularly appetizing targets for cybercriminals. Sure, the payout for an all-out breach at an organization with an asset size between $500 million and $2 billion may pale in comparison to the breach of a massive organization like Chase or Bank of America, but the approach is far easier. Relatively smaller organizations in the stage of growth and development where they are expanding members and opening new branches are often playing catch-up with their cybersecurity.
How can your organization in this stage better promote a stronger security environment in 2019?
Let’s take a look at what many financial institutions are and will be doing over this quarter: contracting new vendors to manage components of their business.
Vendors do great things for small to mid-sized credit unions every day, all over the country. If it weren’t for the interconnected economy allowing third-party service providers to host servers, perform penetration tests, and audit business, many financial organizations wouldn’t be able to even get off the ground.
But, it’s often these third party vendors that are targeted by cybercriminals to obtain information sensitive to your organization.
Let’s protect this critical data by mitigating your risk!
It starts with a focus on managing third-party service providers and understanding the potential risk those relationships pose to your business. Ensure they are aware that their information security controls and policies (or lack thereof) directly correlate with your own risk levels. Take action to assess your vendors’ security environment before an attacker does.
Looking for a trusted partner to provide a thorough assessment of your vendors to ensure your most critical data is in safe hands? Take a look at how Rivial has been providing this service since the inception of our company over a decade ago.
From a compliance perspective, many regulatory authorities understand the tremendous risk associated with third-party vendor security. As a result, they’ve updated their regulations to include vendor security requirements. We’ve laid them out for you here.
The FDIC and NCUA both require banks and credit unions to:
Audited financial statements should be required for significant third-party relationships.
Do your due diligence and understand the cyber maturity of your vendor partners and identify where there are vendor accountability gaps. Remember, some vendors need to have access to your critical data in order to effectively perform their services. Others definitely don’t.
Consult with security professionals to gain insight into which vendors have access to which data, and take action to make sure that only the ones who truly need it have it.
We know you don’t sleep on your organization’s cybersecurity. So please don’t sleep on your vendors’ security this year either.