NCUA Dialing in on Cybersecurity for 2021

  • June 1, 2021
  • Quantivate

Cyberattacks against private networks have been increasing and can have a severe impact on credit union supply chains. The National Credit Union Administration (NCUA) board recently received a cybersecurity briefing during its monthly meeting, where the Chairman’s Special Advisor for Cybersecurity, Johnny E. Davis Jr., stated that cyberattacks tied to the pandemic continue to be a significant risk for credit unions across the nation.

The agency now has the opportunity to revamp examination criteria to include, according to the NCUA, an “emphasis on certain privacy and security controls that lend themselves to identifying and deterring fraud, especially around access management.” The regulator is planning to offer a forum that will be tied to Cybersecurity Awareness Month in October to review best practices for implementing programs that help identify emerging risks.

Leaders within the agency have also advised Congress to reconsider the NCUA’s request for third-party and vendor management oversight after the pandemic ends. The NCUA has been advising Congress to allow the agency to oversee vendors for cybersecurity risks for decades, but these fairly regular requests have fallen on deaf ears and failed to build momentum on Capitol Hill.

“As noted in your presentation, the COVID-19 pandemic has increased cybersecurity exposures for federally insured credit unions,” Chairman Todd Harper said. “Phishing, ransomware, and distributed denial of service attacks are just some of the ways that cybercriminals exploit vulnerabilities within the credit union industry and the broader financial system. To compete, credit unions must be able to safely and securely use technology to deliver member services and adopt financial innovations to ensure the industry’s long-term success. We must all work together to promote innovation with an emphasis on security and equity.”

An integrated information and technology architecture is critical for organizations to build a more thoughtful and strategic approach to detect and respond to incidents and remain resilient. Organizations need complete situational awareness and visibility into risks scattered across systems, operations, processes, relationships, and data to fully be prepared.

Further Reading on Cybersecurity and IT Risk Management: