Pub. 10 2015-2016 Issue 4

www.nebankers.org 22 Extraordinary Service for Extraordinary Members. Once Upon a Data Breach Alyssa Pugh, CoNetrix TECH TALK I N THE AGE OF TECHNOLOGY, THE FIGHT for cybersecurity often feels like a losing battle. We move three secure steps forward, developing new technologies and resources, only to find we are seven steps behind the hackers. With our minds on creating the next best thing, we can (and do) miss security needs of our new inventions. Vulnerabilities are born. Admiral Michael Rogers, director of the National Security Agency and com- mander of U.S. Cyber Command, re- cently stated at the 2015 Aspen Security Forum, “I believe that duringmy time as the commander of United States Cyber Command, I will be directed to deploy capability fromU.S. Cyber Command to defend critical U.S. infrastructure either in anticipation of or in the aftermath of a significant cyber event. . . . It’s the ‘when,’ not the ‘if,’ to me.” 1 Honestly, it’s the “when,” not the “if,” for all of us. With the increasing frequency of cyberattacks, it is difficult to feel safe in today’s threat landscape. In the past year alone, I have received offers of “free identity theft protection” frombothmy health insurance provider and my phone company due to their own costly data breaches. We are not safe anymore. As daunting as this present situation feels, our story has already been told through tales of unwinnable battles at the Black Gate of Mordor, against the Galactic Empire, for freedom in 1776, and beyond. Darkness looms before us and options feel limited to be destroyed or die fighting. Yet, this is never the end of the story. As J.K. Rowling observes, “We are only as strong as we are united, as weak as we are divided.” The strength of unity in the face of impossible hardship is a powerful thing. Through unity and great leadership, unwinnable battles become blockbuster movies. While guidance and regulation are not as fun to read as the words of great storytellers of yore, our leaders are doing their best to provide resources and tools for this uphill battle. The Federal Financial Institutions Examina- tion Council (FFIEC) encourages banks and credit unions alike to join with information-sharing agencies, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC). The FFIEC also has provided resources for financial institutions to use in prepa- ration for this fight, such as the recent Cybersecurity Assessment Tool. Admittedly, all of this “help” can feel overwhelming. If you don’t know where to start, then start simple and use the Cybersecurity Assessment Tool to see where you stand. You can’t protect yourself unless you know where you are vulnerable. On its website (https:// www.ffiec.gov/cyberassessmenttool. htm), the FFIEC gives some specific steps to help you do this. • Step 1: Read the Overview for Chief Executive Officers and Boards of Directors. This document is a quick five pages. It’s a brief introduction to the tool and it talks about things like roles and responsibilities. It’s good to know your place in the team. • Step 2: Read the User’s Guide. At 10 pages in length, this document is a little longer, but it is still very manageable. This is your plan of action. It defines and explains how the assessment works. • Step 3: Complete the Inher- ent Risk Profile. This can be