At the 2023 Supervisory Committee & Internal Audit Conference in Las Vegas, cybersecurity expert Cy Sturdivant warned credit union leaders about the increasing threat of cyberattacks. According to Sturdivant, no organization is safe from cyber threats, regardless of its size or industry. He emphasized that as long as an organization is connected to the internet, it is vulnerable to potential breaches.
Sturdivant pointed out that the financial industry is particularly at risk, with the average cost of a data breach for financial institutions reaching almost $6 million in 2022. He highlighted that cybercriminals often exploit human error rather than trying to breach sophisticated security systems. The most common cybersecurity threats include social engineering attacks, supply chain attacks, malware, cloud security vulnerabilities, and AI-powered hacking.
Looking ahead, Sturdivant made ten predictions about the future of cybersecurity. He anticipated that ransomware attacks would increasingly be used as a tool for cyberwarfare, supply chain attacks would become more prevalent, and cloud security failures would lead to major data breaches. He also warned of the use of AI for hacking, the surge in IoT botnets, and the emerging threats from quantum computing.
In order to combat these cybersecurity threats, Sturdivant recommended several best practices for credit unions. These include maintaining encrypted offline data backups, implementing strong configuration hardening measures, having an incident response plan in place, and prioritizing email security and awareness training for employees.
Sturdivant emphasized that managing cyber risk is crucial for protecting not only member data, but also the employees, the institution, and the industry as a whole. He stressed that cybersecurity is ultimately about caring for the people affected by potential breaches.
As cyber threats continue to evolve and grow, it is important for organizations to stay vigilant and proactive in their cybersecurity efforts. By following best practices and staying informed about emerging threats, credit unions can better protect themselves and their stakeholders from potential cyberattacks.