Credit unions are exposed to avariety of cyber-risks, threats and vulnerabilities that have adirect impact on performance. On any given day – and oftenall at once – they must deter cyberattacks, detect insider risksoriginating within their Information Systems environments andmanage the financial, reputational, operational, compliance, andstrategic impacts these threats pose.

At the same time, customer use of mobile devices to interactwith their credit union, and the use of social media by employeeson their own devices, present new vulnerabilities around privacyand security breaches.

It's a rather frightening environment – one that unfortunatelyand increasingly is habituated by cybercriminals whosesophisticated methods of thwarting security have become among themost significant threats.

The good news, however, is that forward-thinking credit unionscan adopt intelligence-led, early threat detection methods andsystems. These do not necessarily eliminate the threats, butenable credit unions to identify and counter the threats quicklyand effectively.

Smartphones, apps, transfers and online payments poseincreasing risk.

As credit union members become more reliant on mobile services,transferring high value, sensitive data through their smartphones,mobile devices have become the foundation of a growing volume oftransactions.

Perhaps the most common attack organizations face is theimplementation of phishing and mobile malware. With phishing, theremote access of data on smartphones means that criminals are giventhe opportunity to access sensitive information. This tactic oftenleaves credit unions at the mercy of costly, organized attacks, andtheir vulnerable customers in the crosshairs.

Criminals gain access to personal data, allowing them toimpersonate victims and gain further sensitive information. As aresult, personal information can be collected to create a pictureof the victim's identity. Then, armed with personalinformation, hackers can approach a credit union, claim their cardhas been stolen, and obtain a new PIN number that can be used foronline transactions.

Cybercriminals' acquisition of personal data is rapid andcovert, meaning the offense usually stays undetected for longperiods of time. As a result, credit unions face a repetitivebattle in monitoring and dealing with situations as theyappear.

At the same time, issues surrounding mobile fraud and securityare constantly changing at a faster pace than ever before. Thus, many institutions realize it is crucial to go one stepfurther and flag suspicious activity early.

Early threat detection essential to minimizingimpact

Detecting threats within the firewall, and as they develop, isnot easy. In today's threat landscape, credit unions face extremelysophisticated intruders who constantly change and refine theirmethods in order to perpetrate their mission, as well as rogueinsiders who abuse legitimate access rights to manipulate and stealdata.

Most credit unions are responding to growing cyber threats byincreasing spending on IT security and resilience. The key,however, is to adopt a governance-led, information-driven approachto managing cyber-risk. Management needs to understand how threatsare evolving, evaluate the degree of risk at any one time and setstrategies for countering attacks.

Information-driven cyber intelligence allows management toassess, manage and minimise the risks. By identifying andcharacterizing cyber threats, and assessing the vulnerability ofcritical assets and operations, credit unions can better identifyways to reduce those risks and strategically prioritize riskreduction measures. They can clearly plan for what thelikelihood and consequences of specific types of attacks are andcan better manage and minimize the risk.

A quick glance at the headlines tell us we live in an age ofconstantly changing and evolving cyber risks for all types ofbusinesses. Credit unions should adopt a proactive approachto protecting their systems, processes, data and members.

It's not about higher and stronger fences, but building betterand smarter tools inside your barriers that can detect, identify,and manage cyber risk to quickly mitigate potential threats,preserve data, and ultimately protect your organization'sreputation.

Jeff Frazier is a former FBI agent and is currently seniorvice president, americas, for Wynyard Group. Hecan be reached at 571-441-5928 or [email protected].