By Sam | September 17, 2018

3 Takeaways from the Ongoing Operations Digital Incident Response Joint Exercise

Last week, I had the pleasure of co-facilitating a Digital Incident Response Joint Exercise hosted by Ongoing Operations and TruShield. Cybersecurity workshops for credit unions have become more important than ever. Bob Miles, Managing Director of the Information Security Group at Ongoing Operations, Paul Caiazzo, CEO of TruShield, Aaron Hensinger, Digital Forensic Incident Response Lead at TruShield were the other co-facilitators of the event.

Massive cyber-attacks continue to make headlines for affecting computers across the globe. We know for sure that these malicious acts will not stop, and their devastating effects have ignited concern for information security among Credit Unions. If you haven’t considered the need to integrate Digital Forensics into your IR (Incident Response) Plan, you’re likely corrupting and missing valuable evidence and creating additional analysis time for your IR Team. Because tabletop cybersecurity trainings have proven an effective way to test procedures and playbooks, discover communication conflicts that may arise, and challenge decision-making processes, we put on this free event. While we discussed the importance of updating your credit union’s IR Plan to include Digital Forensic Planning and Techniques into your processes to improve analysis time and provide a more comprehensive investigation, we also had an open dialogue on recent investigations into high security breaches, spear phishing/whaling, wire fraud and sophisticated file-less malware affecting Point of Sale (POS) entities.

Here are the top 3 takeaways from the event if you were unable to make it.

1. Define ahead of time what is an incident and what is not. This is imperative. Next, test these incidents out in tabletop exercises. If you don’t test your incident response plan, then it may as well be useless. Hopefully your credit union has created a “paint-by-numbers” system that makes it extremely easy to decide during an event if something is a real incident or not. This will greatly affect how your team deals with the event.
2. “4th Party Vendors”. If you aren’t thinking about this, you need to be. Now, what is a 4^th Party Vendor? This is a vendor of a third party vendor. Now, why is this important? This is critical when assessing your security posture. Your credit union must ensure that new contracts have verbiage about sub-contractors and other vendor partners of your credit union’s third party, specifically around SLA violations and data breaches.
3. Data classification is becoming more and more important. While not yet required, it will be eventually. Get ahead of the curve with metadata on your files and classify what sensitivity each file has. After that is done, review where all of that data lives and make sure that you are comfortable with the risk around that storage.

If you have any questions or would like any additional information on the topic covered, please reach out to info@ongoingoperations.com. Subscribe to the Ongoing Operations blog today to stay up to date on the information that matters to credit union leaders such as yourself.

Also, stay up to date on upcoming Ongoing Operations events. We hope to see you at the next one!