Farm Credit Mid-America is one of the largest agricultural lending cooperatives in the U.S. Farm Credit System, employing more than 1,100 people and serving more than 100,000 customers across Indiana, Ohio, Kentucky, and Tennessee.
As a part of the U.S. Farm Credit System, Farm Credit is subject to the rules and regulations of the Farm Credit Administration (FCA). The FCA, an independent agency, routinely issues guidance consistent with increasingly stringent regulations enforced by broader federal financial service agencies including the OCC, FDIC, and FFEIC.
One of the Farm Credit's primary concerns is that vendors not required to adhere to the same or similar regulatory oversight as Farm Credit may not establish high security standards. Farm Credit was relying on point-in-time assessments and questionnaires to review vendor risk, but that lead to ineffective resource allocation, inaccurate security data, and limited visibility into security risks.
SecurityScorecard enables Farm Credit to discover, monitor, and report on the cyberhealth of its own IT infrastructure via an outside-in view that allows the security team to see what a hacker sees. This increased visibility combined with in-depth analysis of the company’s internal systems and dynamic attack surface ensure that security practitioners remain aware of potential vulnerabilities. Adoption of the SecurityScorecard platform also enables Farm Credit to proactively assess all connected third-party vendor environments and gain visibility into the organization’s ecosystem risk.
Farm Credit’s proactive approach to vendor risk management has dramatically improved security team capacity while substantially enhancing third-party business relationships. The company can instantly vet the security risk posture of every service provider in its portfolio via comprehensive visibility into all vendor systems that integrate with Farm Credit infrastructure. Practitioners can quickly minimize and remediate vulnerabilities that expose the firm to attack. Farm Credit can now also easily prove and maintain compliance with regulatory standards and guidelines via SecurityScorecard’s automated auditing process, thereby minimizing the risk of penalties against the organization.