Cybersecurity is a concern that cuts across all industries andeconomic sectors. But the potential for online fraud is especiallyworrisome in the financial services sector, where financialinstitutions are considered to be prime targets for fraud and cyberattacks.

Credit unions are particularly vulnerable to cybercrime, due tothe fact that they typically use off-the-shelf services to operatetheir mobile or Internet banking. They often don't haveindividually optimized systems equipped to manage unauthorizedsystem access and illegal fund transfers from member accounts.

As the fraud landscape for credit unions continues to evolve, ithas become mission-critical for credit unions to understand thenature of the cybersecurity threats they are up against, and todevelop response strategies that maximize security withoutsacrificing customer convenience.

The Threat Environment for Credit Unions

In the financial services sector, hackers usually focus theirenergies on securing stolen credentials to access customeraccounts, generating fake accounts to access credit and/orillegally transfer funds from existing customer accounts.

First generation, single-layer security measures are now widelyconsidered to be ineffective in preventing cyber fraud, however.Instead, Federal Financial Institutions Examination Council bankingguidelines mandate the implementation of a multi-layered securitystrategy that centers on two key areas: Device identification andmalware protection.

Device identification measures are designed to authenticateusers and devices, distinguishing legitimate system users (i.e.members and employees) from cybercriminals. Although this was onceachieved through cookies and IP address intelligence, FFIECguidelines now call for more advanced device identificationtechnologies, recognizing the fact that fraudsters are becomingmore sophisticated.

Malware threats are also a major concern and are pervasiveacross the financial services industry. In today's threatenvironment, credit unions and other financial sector organizationsare besieged by Trojans – a type of malware that masquerades asapplications.

The latest round of Trojan viruses consists of an insidious formof malware known as Man-in-the-Browser attacks. MitB Trojans injectmalicious JavaScript into online banking pages when members log into the system. Multi-factor authentication schemes have been provenuseless against MitB attacks, leaving many credit unions extremelysusceptible to MitB intrusions.

A February 2011 survey conducted by Gartner revealed thatfinancial institutions believe malware to be the primary concern inthe current threat landscape – a concern that has no doubt beenexacerbated by the fact that in 2011, the financial industryexperienced a dramatic increase in sophisticated MitB Trojanactivities supporting fraudulent transactions with stolenidentities.

Managing the Threat Landscape

For credit unions, robust cybersecurity means effectivelybalancing a range of organizational, technical and member-facingvariables. Although top-notch security measures are important,fraud prevention solutions must be implemented in a manner thatconforms to budget parameters and the delivery of seamless onlinebanking experiences.

The best cybersecurity initiatives emphasize a multi-layersecurity approach that spans the entire customer acquisition andtransaction lifecycle. Deployed security solutions should featurecomplex, next-generation device identification technology as wellas malware protection capable of preventing MitB attacks andemerging malware-based threats.

In the past, credit unions have been forced to rely on multipleproducts and vendors to achieve adequate fraud prevention (deviceidentification) and malware protection. But the consolidation offirms in the fraud prevention and cyber security managementindustry is resulting in the creation of integrated, single-sourcesolutions. These solutions treat fraud prevention and malwareprotection as a single problem, delivering intelligence sharingcapabilities and real-time responses to potential threats.

In addition to providing a more unified approach tocybersecurity, integrated solutions also provide credit unions withcost efficiencies and ease-of-use benefits – mitigating some of theprimary obstacles that have prevented credit unions from launchingmore aggressive cybersecurity agendas.

Going forward, the threat of cyber attacks is expected tomultiply exponentially. The Aite Group estimates that as many as 25million unique strains of malware were released in 2011; the annualproduction of malware is expected to mushroom to 87 million by theend of 2015.

With both reputations and real dollars hanging in the balance,it's imperative for credit unions to prioritize the implementationof multi-layered cybersecurity programs as a way to protect theirorganizations and create highly effective online bankingexperiences for their members.

AndreasBaumhof is CTO of ThreatMetrix, an onlinetransaction security firm based in San Jose, Calif.