We recently spoke to our customer Eric Hoskins, Senior Vice President / Chief Information Officer at University Credit Union, to discuss everything from his role, working in the pandemic, his biggest cybersecurity challenges and how Cygilant helped address them.
University Credit Union was established in 1947 as the University of Miami Credit Union to serve the University of Miami faculty, staff and alumni. The credit union built a reputation for meeting the financial needs of the University Community with critical, basic financial services.
Tell me a little bit about University Credit Union and your role as CIO?
I started in 2005 as the VP of IT. Over the last 16 years, I have seen a lot of change as technology and threats have evolved. The good old days of stopping hackers at the gate does not cut it anymore. I have had to evolve to learn and prepare for new threats. As a small team of two, to stay secure we needed a partner like Cygilant to help us.
What is it like being a CIO in a CU during the pandemic?
It certainly hasn’t been fun! Since I also head our Business Continuity and DR plans, 2020 was certainly a challenge. While we had a plan for pandemic, I don’t think anyone foresaw the country shutting down the way that it did. We had to lean on our digital services even more which is why we launched a new digital banking platform to our membership. Without this, we would have been at a serious disadvantage.
What are the biggest challenges that you are currently facing?
The better question is what am I not facing? Just three people must maintain a full set of digital banking tools, lending platform and core systems along with email, and everything else, all while making sure these tools are safe and secure.
What problems were you facing before you chose to work with Cygilant?
The biggest challenge for our team was a lack of eyeballs on systems. We just don’t have enough of them along with time to do a proper review of logs and alarms to best detect or suspect an intrusion. Selecting a SOC in the cloud was really the best option for us. We instantly gained the ability to be more efficient and effective with our time when researching possible attacks.
What solutions were you using?
We were using a multitude of solutions. While effective, they still require someone to review and identify issues, which created complications in triaging threats. We either didn’t have the time or the expertise to do so.
What threats or types of attacks do you see most often?
PHISHING. PHISHING. And did I mention PHISHING? Phishing is the most common tactic attackers use, it’s a vehicle or entrance point for more devastating attacks like ransomware. So stopping phishing attacks is a priority.
How has Cygilant helped you improve your overall security posture?
We now have a partner in our fight against cybercrime. Cygilant has provided the expertise and eyeballs needed to identify threat activity and stop it. Cygilant is more effective and its about a third of the cost as opposed to bringing in new talent and managing it all in house.
What are the main 3 benefits of working with Cygilant?
- Ability to review any number of threats.
- Great value and ROI are better than expected.
What tips would you share with others that might be experiencing the same challenges?
Don’t be afraid to ask for help. Too often, we think we can do it better ourselves and in the end the results are never as good as you would like. Bringing in someone with the skill sets that are necessary to combat these threats is a must and unless you have $150K to throw at it yourself, going with a partner like Cygilant just makes sense. It’s a far better return on your investment.
What have you been most impressed by Cygilant?
Communication. I can’t tell you how many other vendors I have worked with in this space that don’t communicate well at all, if ever. I need to know who is watching our back and that they understand our needs and challenges. Cygilant has been able to do that better than anyone I have dealt with over the past 15 years.
What made you decide to partner with Cygilant?
It was everything I just mentioned plus the demands of our regulators. They are continuously adding to our list of things we must do to be in compliance. Without the help of a third party, this would be nearly impossible.
Scale with Cygilant
If you are challenged with managing cybersecurity at your credit union due to a small team, compliance mandates and limited budgets, Cygilant can help. Get in touch to learn more about our SOC-as-a-Service as well as our SOCVue platform, Security Monitoring and SIEM partnership with LogPoint.