There’s a lot of talk in the financial services industry about fraud, security breaches, the viability of Blockchain and more, but if credit union professionals don’t understand those topics in detail, they won’t be able to serve members to their full potential.
“The term ‘threat intelligence’ gets thrown around a lot, but it’s only intelligence if it means something to you,” PSCU’s Chief Security Strategist Gene Fredriksen said during the 2017 CUNA Technology Council and CUNA Operations & Members Experience Council conferences held recently in Phoenix, Ariz. “Too much threat information becomes a threat.”
As part of the conference, Fredriksen sat on a panel with Texans Credit Union’s CIO Charlotte Morrison and Alliant Credit Union’s CISO Bill Podborny. Together they presented the well-attended session: Understanding Financial Industry Security Concerns.
“With Equifax, how do you extricate 143 million records and don’t know it?” said Morrison. “That is just absolutely amazing to me.”
If there is a silver lining to breaches, Podborny said, it is that CEOs are not afraid to spend money on security initiatives.
“Unfortunately, and fortunately, it’s not as hard to sell security as it was five or six years ago,” said Podborny. “This is good for the security folks, but bad for the industry. You need to look for opportunities that engrain security within projects.”
Fredriksen added that phishing scams are still a leading cause of credit union hacking. To this end, he said allocating funds to address this prevailing issue is imperative.
“It is wise to get a phishing tool to do phishing tests,” he said. “And you really need to focus on education. It can’t be that once a year thing to go through just to keep the [National Credit Union Administration] happy.”
In many cases, credit unions breaches are a result of a third party interface. This can be tricky for C-level executives to navigate, noted the panel.
“Don’t be afraid to walk away from the vendor,” said Morrison. “We have walked away from contracts because it indemnified us. It’s not worth the risk, and it sends a really loud message to vendors.”
“Blockchain is not Bitcoin,” said Best Innovation Group’s CEO John Best, who presented “The Use and Promise of Blockchain” session during the conference. “Now say it with me loudly,” Best implored to the near capacity conference room. “Blockchain is not Bitcoin!” The crowd said twice in unison.
The session provided insights as to how Blockchain can help credit unions solve operational and logistical challenges as well as improve record keeping, support remittance and settlement functions and automate contracts, noted a spirited Best.
“All the latest technologies that you will be hearing about in the next couple of years that you will desperately trying to get your arms around will be artificial intelligence, data analytics and this technology, Blockchain,” said Best. “But this all involves scale, which we [the credit union industry] do not have. Our ultimate fuel is collaboration.”
While Best conceded Blockchain technology is in its early phases of development, he said it could eventually alter how various funds are transferred. To this end, he hopes credit unions collectively take a serious look at this technology.
Blockchain technologies only work in a collaborative environment, added Best. He pointed to the company, R3, and its Corda distributed ledger platform. The initiative is backed by 80 of the world’s largest financial institutions. The banks, however, have a quandary: their respective for-profit business model. As such, Goldman Sachs and Santander have recently dropped out of the consortium.
“We are talking J.P. Morgan, Bank of America and Wells Fargo,” said Best, who added that while R3 is moving forward, they aren’t necessarily united because banks are not used to collaborating on a common goal. “This is the credit union industry’s ultimate opportunity.”
Tech and Opps attendees have shared goals
One of the many benefits of the CUNA Technology Council Conference and CUNA Operations & Members Experience Council conference being held in the same location is cross-pollination of ideas and concepts.
“I went to the see an IT panel of experts and they really helped clarify things for me, such as small credit unions should keep it simple with technology because there is so much risk, vulnerabilities with more services, ” said Priority Credit Union’s Chief Operations Officer Maria O’Shea. The $68 million Orlando, Fla.-based CU supports approximately 14,000 members.
“The panel told me that there is so much going on in information security that at our size it would be better to outsource IT,” said O’Shea who was attending her first Tech and Opps conference on a grant provided by CUNA. “And we had just made the decision to do that last year, so it was really good validation. We oversee out IT, but we don’t have to be the experts.”
O’Shea wears many hats at Priority Credit Union, including overseeing IT, operations, compliance, marketing and human resources. She spent the 11 years as the CU’s HR head and the last two as its COO.
“The confirmation that we are going in the right direction with regard to information security is huge for me,” said O’Shea. “I really love that they combined the conferences because I’m really learning a lot of great takeaways.”