NCUA Webinar on Cybersecurity Outlines Current Landscape, Assessment Tools
May 16, 2016
Any number of examples come to mind when discussing cybersecurity, but all circle back to the same premise: it’s a constantly changing world where both preparedness and responsiveness are key.
The National Credit Union Administration hosted a webinar on cybersecurity last week, defining the current threat landscape and reviewing best practices and regulatory tools. Hosted by Bill Myers (NCUA Office of Small Credit Union Initiatives) and Tim Segerson (NCUA Office of Examination and Insurance), the presentation ran 90 minutes, giving attendees a wide-lens view of where things stand now.
At the outset, Segerson described the current landscape as “shifting under our feet.”
“Technology and automation can remove the human backstop,” he said, by taking away the human elements of security. In an industry that, according to a report referenced, is a leading sector in attracting criminal activity, Segerson stressed the importance of strong cybersecurity planning that includes changing with the times.
As technology continues to both evolve and bring people and ideas together, it has the same effect on criminal activity, essentially democratizing crime. The presenter noted that, with the continued growth of digital and social media, come more and more hackers of varying skill levels and commitment.
The market for stolen data is a nonlinear one, as well, with black market prices for consumer data serving as another revenue source. In addition to merely stealing and using one individual’s information, thieves can also package and peddle card information in bulk.
With the risk clearly—and startlingly—defined, assessment tools were detailed, including the NCUA Cybersecurity Assessment Tool (CAT) and FFIEC Cybersecurity Assessment Tool, which NCUA uses in an advisory capacity, rather than mandating its use.
“The tool offers a common language,” the presenters noted. “They allow a credit union to better define and understand risk and communicate to vendors.”
They went on to discuss a more holistic look at security: Defense in Depth. Described as a layered approach with data at the center, the idea is to layer policies, procedures and systems around the most sensitive information.
“It’s not just a front door lock. Simple perimeter defense isn’t good enough,” they noted, before pointing to employee training and system testing to ensure resilience.
After taking questions at the end, the staff noted that all submitted questions would be answered in approximately three weeks with the full webinar.
Questions about this story? Contact Eric Horvath: 503.350.2222, email@example.com.