(Oct. 22, 2021) Ransonware risks and threats to credit unions and other financial institutions are rising considerably, the NCUA Board was told Thursday, noting that the method now accounts for 10% of all cyber breaches.
The threat, NCUA Critical Infrastructure Division Director Ernie Chambers told the board, is enabled by cryptocurrency and has been cited as “among the largest of cybersecurity threats” today to financial institutions.
The cybersecurity presentation was made to the board partly in advance the updated Automated Cybersecurity Evaluation Toolbox (ACET), which will be introduced by the agency in a webinar set for next week (Oct. 28).
Chambers also cited phishing and supply chain attacks as key threats to the credit union system; he urged institutions to take steps to address each.
“NASCUS applauds NCUA’s comprehensive approach to fostering credit union cybersecurity resilience,” NASCUS’s Lucy Ito said. In addition to NCUA’s enhanced ACET self-assessment tool, she said, NASCUS supports the agency’s plan for rolling out Information Technology Risk Examination for Credit Unions (InTRExCU) in 2022. The system is based on the FDIC’s InTREx program for banks and has been adapted for credit union use.
“Several state agencies are already utilizing FDIC’s InTREx tools in state credit union IT examinations,” Ito noted. “This early adoption of InTREx in state regulator supervisory programs combined with NCUA’s InTRExCU pilot, together provide proof of concept for the relevance and value of adopting InTREx more broadly as a tool for evaluating credit union cyber hygiene and exposure.”
She said with most credit union CEOs citing cybersecurity risks as their greatest concern, utilizing a proven, scalable examination tool such as InTREx should be a “welcome addition to the national credit union system’s collective arsenal.”