First day of Cyber Symposium focuses on issues

Aug. 1, 2016 – Issues facing credit unions and financial institutions generally in ensuring cybersecurity were on highlighted on the first day of the 2016 Cybersecurity Symposium, which continues through Tuesday in Chicago.

Chad Nordstrom of CliftonLarsonAllen served as the host for the program; he replaced Tom Schauer (also of CLA) who died in July. Nordstrom led a moment of silence in honor of Schauer, who had earned a loyal following among those who attended the first two symposiums, which Schauer hosted.

Nordstrom then took the group on an assessment of the information security environment for 2016, telling the group that they should “assume you will be breached” and that no one in an organization should assume that “IT is the end-all be-all," but that cybersecurity is an enterprise-wide issue. Among challenges ahead, Nordstrom identified ransonware/malware, more sophisticated attackers, criminal gangs involved in cyber crime, as well as foreign actors.

Among the other speakers:

  • David Reed of the law firm Reed and Jolly discussed the laws protecting credit union members’ information, noting members’ sensitivity about their privacy, and urging members of the group to a perform a privacy inventory at their institutions.
  • NCUA’s Christina Saari outlined key steps for developing a cybersecurity threat intelligence (CTI) program, which she urged the group to adopt. A key tactic for adopting CTI, she said -- institutionalize the process.
  • Later in the day, Michelle Misko of Tracesecurity outlined cybersecurity risk assessment frameworks, pointing out “best practices” for adopting any of them: Test systems regularly, maintain baseline maturity to maintain compliance; and complete basic testing.
  • Jim Vilkers oF CU*Answers closed out the day by stressing the importance of weaving into the cybersecurity fabric of institutions anti-money laundering/Bank Secrecy Act (BSA) functions, as well as identity theft prevention efforts.

(Below, clockwise from top left): The audience listens carefully to opening comments by Chad Nordstrom; Nordstrom welcomes the group; Jim Vilkers closes the day; a full house listens to Gina Carter discuss the Cybersecurity Information Sharing Act (CISA); David Reed expands on a point about privacy laws.

Monday group