- How to clear the cache on your Windows 11 PC (and why you shouldn't wait to do it)
- These Sony headphones deliver premium sound and comfort - without the premium price
- The LG soundbar I prefer for my home theater slaps with immersive audio - and it's not the newest model
- Samsung's new flagship laptop rivals the MacBook Pro, and it's not just because of the display
- Email marketing is back and big social is panicking - everything you need to know
New NCUA Rule Requires Swift Cyber Incident Reporting
Federally insured credit unions have been notified by the National Credit Union Administration (NCUA) of a new regulation set to take effect on September 1, 2023.
Under the forthcoming rule, credit unions will be obligated to notify the NCUA about any reportable cyber incident within 72 hours. Such incidents include instances of unauthorized data access, disruptions in vital member services and breaches facilitated by third-party service providers.
The NCUA has outlined clear reporting protocols to facilitate compliance. Credit unions are expected to provide critical details when reporting, including their name, charter number and a concise description of the incident. However, specific sensitive data, such as indicators of compromise (IoC) and specific vulnerabilities, are advised to be excluded from the initial communication.
In preparation for the rule’s enactment, credit unions are advised to revisit their existing incident response plans, scrutinize contracts with third-party service providers and ensure that employees are adequately trained to identify and promptly report cyber incidents.
“Plausible deniability is now dead. This has been a long time coming,” commented Tom Kellermann, SVP of cyber strategy at Contrast Security.
“The first 72 hours is of paramount importance to prevent lateral movement by cyber-criminals and systemic fraud. I applaud the mention of third parties as many banks are hacked due to the compromise of shared service providers via island hopping.”
This regulation marks a significant step toward shoring up the financial sector’s defenses against cyber-threats. As credit unions embrace this new directive, their cybersecurity measures are expected to be fortified, ultimately contributing to a more secure landscape for members and stakeholders.
For additional information and resources on how credit unions can effectively navigate this new rule, interested parties are encouraged to explore the NCUA’s dedicated Cybersecurity Resources webpage.
