In this episode of the SecurityANGLE, I’m joined by my friend and frequent co-host, Jo Peterson, analyst, engineer, and member of theCUBE Collective community of independent analysts. Our conversation today centers on cybersecurity for financial services organizations, and specifically, we’re going to take a look at credit union cybersecurity and discuss strategies for cyber resilience. Our guest today is Stephenie Southard, Senior VP and CISO of BCU (also known as Baxter Credit Union), a state-chartered, federally-insured credit union headquartered in the Chicago suburbs.
But Stephenie’s accolades don’t stop there. She has over 25 years of experience in IT and security, with deep expertise in physical and logical governance, risk management, acquisitions, and incident response. She’s worked in a variety of sectors, including government, education, non-profit, and the financial sector. She’s an advisory board member of a number of organizations, has received more awards and recognition for her accomplishments than I can count, travels all over the world speaking on a variety of topics — she’s the real deal.
Watch Credit Union Cybersecurity: Strategies for Cyber Resilience here:
With 139 million Americans served by credit unions, these financial institutions have become increasingly attractive targets for cybercriminals. Like banks and other financial entities, credit unions possess vast amounts of personally identifiable information (PII), making them prime targets for data breaches and ransomware attacks. As such, strategically developing strategies for cyber resilience is a key area of focus for credit union CISOs.
In our conversation, Southard confirmed that credit unions do indeed face similar security risks as other financial institutions. They undergo annual audits by regulators such as the National Credit Union Association (NCUA) and state charters, following FFIEC guidelines. These audits assess security posture, risk management, and incident response capabilities.
Regulatory Landscape and Vendor Oversight
A significant development in the credit union space is the NCUA chairman’s recent request to Congress to restore vendor authority over third-party service providers. Southard emphasized the importance of this move, describing the current lack of oversight as an “Achilles heel” for credit unions. Enhanced authority would allow for better examination and regulation enforcement on vendors, ultimately improving cybersecurity across the credit union system.
Challenges and Strategies in Credit Union Cybersecurity
When it comes to credit union cybersecurity, there are a number of key challenges facing CISOs. Southard highlighted several of those challenges during the course of our conversation, which include:
- Executive alignment and expectations
- Balancing security budgets with risk tolerance
- Staffing and retention in cybersecurity roles
- Adapting to complex and evolving threat environments
As we discussed tactics to address these challenges, Southard recommended the following to fellow credit union CISOs and their security teams:
- Leveraging AI and machine learning to enhance security operations
- Encouraging continuous learning and upskilling among team members
- Looking beyond traditional hiring pools, including veterans and recent graduates
- Embracing remote work options to access a wider talent pool
The Power of Diversity in Cybersecurity
The final part of our conversation in this episode focused on the dearth of women in the cyber workforce and explored the benefits that a more diverse workforce can provide.
With women representing only 12% of the cyber workforce, there’s a clear need for greater diversity in the field. Southard, Jo, and I all emphasized the unique strengths women bring to cybersecurity roles, including:
- Strong leadership and vision
- Excellent communication skills
- Adaptability and resilience
- Collaborative problem-solving abilities
- Attention to detail
As female leaders in the tech industry, Jo and I have both witnessed firsthand the positive impact of diverse teams on organizational outcomes and frankly, that’s one of the reason we feature so many brilliant women in our discussions here on the SecurityANGLE. Lifting up and highlighting the accomplishments of other women in tech is a personal mission for us.
We land pretty squarely on one truth: It’s crucial for CISOs and senior leaders to actively seek out and nurture talented women in the field. The skillset that women bring, their empathy and strong communication skills, along with their deep attention to detail add great value, in cyber security and business resilience efforts and beyond, is significant.
Nurturing Talent, Building Strong Teams all Play a Role in Cyber Resilience
As we wrapped the conversation, Southard’s shared her approach to team building, which involves taking chances on individuals from diverse backgrounds and investing in their growth. This strategy not only helps address the cybersecurity skills shortage but also fosters a culture of trust and mutual support within the team.
This look at credit union cybersecurity underscored the reality that as the cybersecurity landscape continues to evolve, credit unions must remain vigilant and adaptive. By championing increased regultory oversight, embracing diversity, leveraging new technologies, and fostering a culture of continuous learning, credit unions can better protect their members’ data and maintain the trust that is so crucial to their operations and they can also strengthen their cyber resilience as part of the process.
Check out more of my coverage here:
Zscaler ThreatLabz 2024 Ransomware Report Highlights with Brett Stone-Gross
HPE Fortifies AI-Powered Networking Portfolio with Advanced Security Features
