Trent Henson, Chief Technology Officer, and Gene Fredriksen, Principal Cybersecurity Consultant, join episode #2402 of the CU Broadcast to share how the SolarWinds incident has changed the credit union.
What does the board need to understand about SolarWinds?
- We operate in a changing business environment. This event has opened a back door into our systems, and we need to adapt our security models.
- As credit unions became remote, we increased our risk exposure. Data follows people, not places. Strengthen your security posture regardless of how your people access your systems, whether from home or the office.
- This event has set a blueprint for sophisticated future incidents. Unfortunately, hackers are getting smarter.
How has SolarWinds shifted the credit union risk management model?
Defense in Depth has been a CISO song for years. It is critical to have systems that stop a threat from moving from one zone to another. A good analogy for this is counterfeit money.
Adopt a Zero Trust model like the Gartner SASE framework below. This redesigns credit union security to be resilient in a dynamic environment. Opting for this kind of agility becomes a core strength.
What action can the credit union take to mitigate this event?
By now, everyone has checked with their vendors to confirm the supply chain has not been infiltrated by this breach. Now that this triage phase is complete, it is time to move proactively with the mitigation steps below:
- Malware and virus detection is not enough. Implement a concert of security tools that work together. Layer protection across the internet, internal network, credit union applications, and your data.
- Vigilant patching is not enough.
- A Zero Trust Network Access structure fits changing risk management scenarios.
- Share information and collaborate with peer credit unions to benchmark and collectively learn.