Last year will be remembered as the year that left its mark on the state of computer security across the industry.
From massive retail data breaches to cyber attacks waged by nation states against organizations, the widespread impacts led to unprecedented repercussions such as brand damage, increased audit scrutiny, and loss of market share.
We witnessed a barrage of new malware variants and revamped sophisticated banking Trojans with even more capabilities.
And how could we possibly forget the creative names bestowed upon the high-profile vulnerabilities disclosed: “Heartbleed,” “Shellshock,” and “Poodle” (you could cleverly add “oh my”).
So what does 2015 have in store? Not surprisingly, we should probably hedge our bets toward more of the same.
Protecting your members
Think credit unions and other community financial institutions aren’t in the cross-hairs? Think again.
Account takeover fraud continued to rise in 2014, topping the $6 billion mark.
Skilled fraudsters will continue to focus their attention on high-value targets—and no financial institution should think it’s excluded.
As the result of increased account takeover fraud, credit unions have bolstered security protections for members, layering in additional controls such as stronger multi-factor authentication and out-of-band transaction authorization.
As effective as these measures have been, the adoption rates are still relatively low due to their impact on end-user convenience and the institutions’ reluctance to push harder.
Thus, the age-old battle to find the balance between security and convenience continues. Credit unions need to examine ways to achieve a more fluid approach, where security is more about “who you are” and less about “what you know.”
This means embracing new and alternative methods of authentication, such as leveraging biometric elements about the end user.
What about data and analytics? When properly applied, this evolving technology offers the capability to accurately predict and determine behavioral anomalies, giving institutions the ability to better detect the presence of fraud.
This is all based on measuring familiar aspects of activity, placing little burden on members. These methods represent innovative ways to enhance security while providing a more satisfying experience for end users.
Defending your CU
For the most part, credit unions have fortified their perimeters. Fraudsters and bad actors are keenly aware of these increased controls and recognize the significant hurdles they can present.
In response, they have adapted their approach, using different techniques and focusing attention toward other, less-fortified avenues.
Most notably, fraudsters are targeting what is often referred to as the weakest link: employees. Institutions must do a better job of educating employees and changing their behaviors prevent these attacks.
Attacks will continue, but the balance of power can be tilted.
If credit unions can anticipate these threats, they’ll have a leg up on securing their institutions before attacks occur.
Just as critical is the capability to effectively detect and quickly respond to attacks.
Credit unions should focus their efforts on improving response capabilities instead of trying to simply prevent what may be the inevitable.