Nearly two decades ago, when the internet was still a pup and hackers were often script kiddies out for fun more than fraud, the Financial Services Information Sharing and Analysis Center was formed.
Heather McCalman is the non-profit consortium’s first Credit Union Council manager. McCalman had been a member of FS-ISAC’s Credit Union Council Advisory during her 10 years in information security at SC State Credit Union ($731.9M, Columbia, SC).
McCalman comes aboard as the organization’s Community Institution and Associations membership has soared from 230 institutions to more than 3,800 in the past three years. Overall membership exceeds 7,000 organizations in 38 countries.
That growth has come as cyber threats have moved downstream as well, focusing on smaller institutions often perceived as more vulnerable. Community financial institutions are a particularly good fit for FS-ISAC’s global network of threat intelligence gathering and analysis, says the Reston, VA-based organization’s president and CEO, Bill Nelson.
"We’re seeing tremendous sequential growth in this area, but more importantly these members are incredibly active in their information sharing and engagement in our information-sharing community,” Nelson says.
For her part, McCalman will focus on helping credit unions, by encouraging them to join and be active with FS-ISAC and by sharing best practices and information about solutions to cybersecurity challenges.
“It’s incredibly reasonable to join and you get a tremendous amount of information and connection with a trusted network,” McCalman says.
Basic memberships range from $250 to $850 and includes alerts and crisis notifications, weekly and monthly summary reports, and access to listservs, discussion groups, and information about tactics and best practices.
Jeff Korte, FS-ISAC’s director of community institutions and associations, says network participation and use of its “complete reservoir of best practice documents can help you quickly transition from just a baseline level in your policies to a much greater maturity.”
Korte says that’s the kind of information those responsible for security need to help keep credit unions, including their boards and top management, abreast in ways that meet the kinds of expectations now put in place by regulators and enforced by examiners.
To quote the NCUA’s supervisory priorities for 2017: “(We) plan to increase our emphasis on cybersecurity by enhancing the examination focus with a structured assessment process.”
Along with financial institutions themselves, the FS-ISAC network includes trade groups like CUNA, commercial security firms and government agencies including regulators and law enforcement.
In fact, it was Presidential Directive 63 that led to the creation of FS-ISAC in response to a mandate that public and private sectors share “information about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure,” the organization points out.
That was in 1998.
Here’s the link to FS-ISAC’s “how to join” page. McCalman also invites credit unions to contact her at firstname.lastname@example.org.