As the Internet of Things (IoT) continues to find its way into the IT framework of credit unions, businesses are enjoying a broad range of benefits – from ubiquitous networks to the advanced cloud computing capabilities that help drive valuable, on-demand customer services. With accurate, real-time data, credit unions can ensure accuracy in risk assessment planning and other services while also rolling out enhanced technology features like mobile banking.
However, because IoT devices typically include a unique IP address that enables them to communicate and exchange data with other systems, they pose a daunting cybersecurity challenge for already taxed IT departments. Data breaches can have a devastating impact on credit unions and their customers. For example, a recent breach at a large Canadian credit union left all of its 4.2 million customers affected – exposing sensitive personal information such as names, addresses and social insurance numbers.
Cybersecurity has always been of paramount concern for financial institutions facing an increasingly complex, fast-changing modern IT environment. In this article, we’ll discuss the pervasiveness of cyberthreats in an increasingly connected world and break down some strategies credit unions can use to prepare to deal with these threats in a way that protects both business and customer data.
Putting “Things” into Perspective
According to a recent survey by RiskIQ, cybersecurity ranks among the top worries of IT professionals. The digital threat management firm revealed that 89 percent of all information security leaders are concerned about the rise of digital threats across web, social and mobile channels. And their trepidation isn’t without merit, as potential consequences of a data breach include damaged reputation, downtime, the loss of sensitive personal or enterprise information, and distributed denial-of-service (DDoS) attacks designed to paralyze major websites. Considering the severity of possible outcomes, it’s not surprising that the global cost of cybercrime is projected to reach $2 trillion by 2019, representing a threefold increase from the 2015 estimate of $500 billion, as predicted by Juniper Research.
Cybersecurity risks are growing not just in the magnitude of disruption, but in prevalence as well. According to the World Economic Forum 2018 Global Risks Report, attacks against businesses had nearly doubled in just five years’ time, and incidents that would once have been considered extraordinary are becoming more and more commonplace. These types of worrisome cybersecurity trends will likely continue to intensify with the growing interconnectedness of IT infrastructure. By 2025, research firm IDC forecasts that there will be 41.6 billion connected IoT devices generating 79.4 zettabytes of data.
As IoT expands and the risks associated with cyber-attacks grow, credit unions must ensure that their connected technology is secure and resilient. Experts recommend taking a variety of measures to safeguard against cybersecurity threats, such as using a firewall and encrypting information; conducting routine security assessments; regularly updating antivirus software and antispyware; using advanced email filtering; establishing strong password policies and endpoint protection; and offering employees cybersecurity awareness training.
Additionally, as the proliferation of smart, connected devices links together more and more elements of everyday operations, credit unions must look to partner with technology and solutions providers that are willing to serve as proactive participants in addressing IoT and security risks.
Evolving Regulatory Environment
In response to growing cyber dangers, global safety science organization UL has developed and published a standard for software cybersecurity for network-connectable devices, UL 2900-2-2. The UL cybersecurity certification provides a purchaser the assurance that the product has been thoroughly reviewed and tested against a trusted benchmark.
State governments are also jumping into the fray now, taking legislative action to demand a higher level of cybersecurity. For instance, California recently passed a bill making IoT device companies more responsible for ensuring the privacy and security of the state’s residents. California law SB-327, which takes effect Jan 1, 2020, will require manufacturers of connected devices to equip them with a “reasonable security feature or features” that protect devices and their information from “unauthorized access, destruction, use, modification or disclosure.”
As technology providers take steps to adhere to these types of cybersecurity measures, it serves as a signpost for credit unions that these providers understand the risks that pervade the Internet and are serious about addressing them.
Building a Wide Barrier
For context on how important cybersecurity is at every point in a network, consider this: by targeting an overlooked vulnerability in a major retailer’s HVAC unit, hackers were able to access POS devices and steal 70 million client accounts.
Another area where more options for connectivity are emerging, opening up new opportunities for threats, is in the realm of power management. Devices like uninterruptible power systems (UPSs) aren’t typically top-of-mind when it comes to cybersecurity, but the desire of more IT professionals to leverage connected capabilities such as remote monitoring has driven manufacturers to introduce more of this type of functionality. This is why Eaton began taking steps to strengthen cybersecurity in power management equipment – launching the first-ever UL 2900-2-2 cybersecurity-certified Gigabit Network Card for a UPS. Additionally, Eaton’s ongoing focus on cybersecurity has helped to ensure that all our products already comply with California’s requirements, from UPSs to power distribution units (PDUs) and power management software.
As industry standards and government regulations continue to evolve, these measures along with validation from independent testing will be among the best means for credit unions to ensure their equipment manufacturers have done their due diligence to mitigate risks. And, technology providers should anticipate answering to these types of growing demands as they relate to products that play across the connected spectrum.
A Security First Mindset
While meeting the requirements of regulators is a step in the right direction, much more must be done in the fight against cybercrime. In fact, as technology vendors begin to make their own product updates to address the specifications of California’s bill, this new law – and others likely to come – encompasses just a small fraction of what is outlined in the official UL certification for cybersecurity.
Incorporating secure-by-design products and other solutions with a proven track record for cybersecurity will help credit unions avoid risk while also saving time and money. Complementing this strategy, credit unions should also seek to partner with providers that can demonstrate an ongoing commitment to ensure their products meet the highest of standards.
With IT advancing at lightning speed, businesses must adapt quickly or risk getting left behind. Credit unions can’t afford the costs and delays associated with debilitating cyber-attacks. By taking a security-first approach and maximizing cyber safety rigors from the ground up – ensuring the devices across their network are optimized for protection – businesses will put themselves in the best position to meet current and future demands in the face of growing cybersecurity threats.
Hervé Tardy is Vice President and General Manager of Eaton’s Distributed Power Infrastructure business unit. In this role, Hervé manages the Americas product roadmap for power solutions, software and connectivity products to reinforce Eaton’s technology leadership.