Credit unions are exposed to a variety of cyber-risks, threats and vulnerabilities that have a direct impact on performance.  On any given day – and often all at once – they must deter cyberattacks, detect insider risks originating within their Information Systems environments and manage the financial, reputational, operational, compliance, and strategic impacts these threats pose.

At the same time, customer use of mobile devices to interact with their credit union, and the use of social media by employees on their own devices, present new vulnerabilities around privacy and security breaches.

It's a rather frightening environment – one that unfortunately and increasingly is habituated by cybercriminals whose sophisticated methods of thwarting security have become among the most significant threats. 

The good news, however, is that forward-thinking credit unions can adopt intelligence-led, early threat detection methods and systems.  These do not necessarily eliminate the threats, but enable credit unions to identify and counter the threats quickly and effectively.

Smartphones, apps, transfers and online payments pose increasing risk.

As credit union members become more reliant on mobile services, transferring high value, sensitive data through their smartphones, mobile devices have become the foundation of a growing volume of transactions.   

Perhaps the most common attack organizations face is the implementation of phishing and mobile malware. With phishing, the remote access of data on smartphones means that criminals are given the opportunity to access sensitive information. This tactic often leaves credit unions at the mercy of costly, organized attacks, and their vulnerable customers in the crosshairs. 

Criminals gain access to personal data, allowing them to impersonate victims and gain further sensitive information. As a result, personal information can be collected to create a picture of the victim's identity.  Then, armed with personal information, hackers can approach a credit union, claim their card has been stolen, and obtain a new PIN number that can be used for online transactions.

Cybercriminals' acquisition of personal data is rapid and covert, meaning the offense usually stays undetected for long periods of time. As a result, credit unions face a repetitive battle in monitoring and dealing with situations as they appear.

At the same time, issues surrounding mobile fraud and security are constantly changing at a faster pace than ever before.  Thus, many institutions realize it is crucial to go one step further and flag suspicious activity early.

Early threat detection essential to minimizing impact

Detecting threats within the firewall, and as they develop, is not easy. In today's threat landscape, credit unions face extremely sophisticated intruders who constantly change and refine their methods in order to perpetrate their mission, as well as rogue insiders who abuse legitimate access rights to manipulate and steal data. 

Most credit unions are responding to growing cyber threats by increasing spending on IT security and resilience.  The key, however, is to adopt a governance-led, information-driven approach to managing cyber-risk. Management needs to understand how threats are evolving, evaluate the degree of risk at any one time and set strategies for countering attacks. 

Information-driven cyber intelligence allows management to assess, manage and minimise the risks.  By identifying and characterizing cyber threats, and assessing the vulnerability of critical assets and operations, credit unions can better identify ways to reduce those risks and strategically prioritize risk reduction measures.  They can clearly plan for what the likelihood and consequences of specific types of attacks are and can better manage and minimize the risk.

A quick glance at the headlines tell us we live in an age of constantly changing and evolving cyber risks for all types of businesses.  Credit unions should adopt a proactive approach to protecting their systems, processes, data and members. 

It's not about higher and stronger fences, but building better and smarter tools inside your barriers that can detect, identify, and manage cyber risk to quickly mitigate potential threats, preserve data, and ultimately protect your organization's reputation.

Jeff Frazier is a former FBI agent and is currently senior vice president, americas, for Wynyard Group. He can be reached at 571-441-5928 or [email protected].