Cygilant Blog

Credit Unions Under New Pressure As NCUA Becomes More Rigorous About FFIEC Compliance and Plans to Incorporate Cybersecurity Assessment Tool in Examination Process

Posted by Shawn O'Brien on Jul 28, 2016


Credit unions face major challenges when protecting financial data in today’s threat landscape. In addition to protecting consumer data and financial records, IT security teams must also deal with compliance mandates for FFIEC and a patchwork of federal, state, and other industry regulations. With so many regulations and areas to consider, the task of securing a network from breaches and vulnerabilities while meeting compliance requirements can seem overwhelming. That task has become even more onerous with the National Credit Union Administration (NCUA) buckling down even further on FFIEC compliance to ensure that credit unions are as secure as possible, given how many data breaches are still happening in the financial services industry today.


NCUA’s primary mission is to “ensure that credit unions remain safe and sound in both good times and bad.” To achieve this goal, it performs annual examinations of all federal credit unions and all federally insured, state-chartered credit unions with $250 million or more in assets, to assess how secure their infrastructure is. This might sound like an easy test to pass, but given that cyberattacks are expected to increase in frequency and sophistication, credit unions need to adapt to threats faster to stay secure. As credit unions become more reliant on digital systems to meet the ever-changing demands of their members, they will become easier targets for cybercriminals if they don’t fully operate within the strict guidelines of FFIEC compliance and maintain a strong security posture at all times. While NCUA recognizes how demanding this can be for credit unions, it still plans to enforce FFIEC compliance mandates to the fullest extent and to provide new and effective tools to mitigate cyberattack risks to credit unions.


Because of its continued thorough evaluation of credit unions’ cybersecurity risk management, NCUA has launched a joint Cybersecurity Assessment Tool with the other member agencies of the Federal Financial Institutions Examination Council (FFIEC). The tool provides a structured methodology for credit unions to manage information security and protect member information more effectively. The main benefit of this assessment tool is enhanced cybersecurity oversight and management capabilities, so that credit unions can identify any gaps in their security and compliance posture.


However, as effective as this new Cybersecurity Assessment Tool may be, most credit unions are still left with the common challenge they have always faced: they don’t have the necessary IT staff, budget, or resources to ensure their organization’s security posture is the best it can be at all times. While the NCUA is applying more pressure on credit unions to step up their cybersecurity defense, credit unions ultimately struggle to find a way to gain network visibility and build a vulnerability assessment program to help meet the FFIEC compliance mandates. But there are managed IT security services available that can overcome these challenges and allow credit unions to build the world-class security program they need to defend against today’s cybercriminals.


EiQ’s SOCVue Security Monitoring service helps credit unions address FFIEC cybersecurity standards by providing 24x7x365 security monitoring and proactive security controls assessment. As part of the service, EiQ’s SOC team will proactively assess network security controls, which are based on the SANS CIS Critical Security Controls, in order to reduce compliance risk. The security controls are directly mapped to relevant sections of the FFIEC Handbook. In addition, EiQ offers the SOCVue Vulnerability Management service, which provides vulnerability detection and remediation guidance designed to help address FFIEC Host Security and User Equipment Security requirements. EiQ’s FFIEC Compliance page illustrates how the SANS CIS Critical Security Controls map to the FFIEC Examiners Handbook and how EiQ addresses them.


More and more, organizations that were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid security as a service, which combines the best people, process, and technology, is a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities. EiQ offers cost-effective SOCVue Starter Packages that allow credit unions to acquire the strong security and compliance posture they deserve. To learn more, please request a demo today.




Tags: Compliance, Cybersecurity, Financial Services, FFIEC, Credit Unions
