The 2016 Bangladesh bank hack raised new concerns related to cyber threats among financial providers, including credit unions. A former White House chief information officer, Theresa Payton, was a keynote speaker at the World Credit Union Conference in Belfast.
She told credit union representatives that cyber security should be one of the main topics on their agenda. “Members deserve the latest and greatest technology. But a breach is inevitable. All technology can be upgraded by design today, which means it can be open, which means it can be hacked,” she said.
Ms Payton is herself a member of two credit unions, through her father, a former US Marine and her husband, who serves in the US Navy. Credit unions provide financial services for USA military personnel and their families across various states.
Between 2006 and 2008 Ms Payton was White House chief information officer where she oversaw IT operations for president Bush and his 3,000 staff. Her prior positions include roles in banking technology at Bank of America and Wells Fargo. In 2008 she founded Fortalice Solutions, a security, risk and fraud consultancy company that works to help organisations understand and improve their IT systems.
Quoting Sally Leivesley, a former Home Office scientific adviser, Ms Payton said that hackers pose more of a threat than nuclear weapons. She warned delegates about common misconceptions regarding cybersecurity, such as the idea of being protected simply by having an anti virus software.
“Every 90 seconds a new version of malware is found. No software can keep up with that,” she said.
Another error is thinking that because staff members are friendly credit unions should only worry about hackers outside their network. She argued that while this may be the case, the credentials of employees could be compromised. According to Ms Payton, 95% of all security breaches are due to human error, and 78% of these involve tricking the user.
“The hack in Bangladesh is a case study we are watching and your board needs to be discussing it,” she added.
To approach the challenge Ms Payton suggested credit unions name two top critical assets and focus on protecting these. The next step would be to split these in five different segments and have them in different places from the rest of the assets.
“A breach is inevitable but how we respond as a victim is not,” she added, advising board members to make the case for increased cybersecurity as part of disaster planning or an extension of other programmes.