Cybersecurity is a concern that cuts across all industries and economic sectors. But the potential for online fraud is especially worrisome in the financial services sector, where financial institutions are considered to be prime targets for fraud and cyber attacks.

Credit unions are particularly vulnerable to cybercrime because they typically use off-the-shelf services to operate their mobile or Internet banking. They often don't have individually optimized systems equipped to manage unauthorized system access and illegal fund transfers from member accounts.

As the fraud landscape for credit unions continues to evolve, it has become mission-critical for credit unions to understand the nature of the cybersecurity threats they are up against, and to develop response strategies that maximize security without sacrificing customer convenience.

The Threat Environment for Credit Unions

In the financial services sector, hackers usually focus their energies on securing stolen credentials to access customer accounts, and on generating fake accounts to access credit and/or illegally transfer funds from existing customer accounts.

However, first-generation, single-layer security measures are now widely considered to be ineffective in preventing cyber fraud. Instead, Federal Financial Institutions Examination Council (FFIEC) banking guidelines mandate the implementation of a multi-layered security strategy that centers on two key areas: device identification and malware protection.

Device identification measures are designed to authenticate users and devices, distinguishing legitimate system users (i.e., members and employees) from cybercriminals. Although this was once achieved through cookies and IP address intelligence, FFIEC guidelines now call for more advanced device identification technologies, recognizing that fraudsters are becoming more sophisticated.

Malware threats are also a major concern and are pervasive across the financial services industry. In today's threat environment, credit unions and other financial sector organizations are besieged by Trojans, a type of malware that masquerades as legitimate applications.

The latest round of Trojans carries out an insidious form of attack known as Man-in-the-Browser (MitB). MitB Trojans inject malicious JavaScript into online banking pages when members log in to the system. Because the injected code runs inside the member's own browser after login, multi-factor authentication schemes have been proven useless against MitB attacks, leaving many credit unions extremely susceptible to MitB intrusions.

A February 2011 survey conducted by Gartner revealed that financial institutions believe malware to be the primary concern in the current threat landscape – a concern that has no doubt been exacerbated by the fact that in 2011, the financial industry experienced a dramatic increase in sophisticated MitB Trojan activities supporting fraudulent transactions with stolen identities.

Managing the Threat Landscape

For credit unions, robust cybersecurity means effectively balancing a range of organizational, technical and member-facing variables. Although top-notch security measures are important, fraud prevention solutions must be implemented in a manner that conforms to budget parameters and the delivery of seamless online banking experiences.

The best cybersecurity initiatives emphasize a multi-layer security approach that spans the entire customer acquisition and transaction lifecycle. Deployed security solutions should feature complex, next-generation device identification technology as well as malware protection capable of preventing MitB attacks and emerging malware-based threats.

In the past, credit unions have been forced to rely on multiple products and vendors to achieve adequate fraud prevention (device identification) and malware protection. But the consolidation of firms in the fraud prevention and cybersecurity management industry is resulting in the creation of integrated, single-source solutions. These solutions treat fraud prevention and malware protection as a single problem, delivering intelligence-sharing capabilities and real-time responses to potential threats.

In addition to providing a more unified approach to cybersecurity, integrated solutions also provide credit unions with cost efficiencies and ease-of-use benefits – mitigating some of the primary obstacles that have prevented credit unions from launching more aggressive cybersecurity agendas.

Going forward, the threat of cyber attacks is expected to multiply exponentially. The Aite Group estimates that as many as 25 million unique strains of malware were released in 2011; the annual production of malware is expected to mushroom to 87 million by the end of 2015.

With both reputations and real dollars hanging in the balance, it's imperative for credit unions to prioritize the implementation of multi-layered cybersecurity programs as a way to protect their organizations and create highly effective online banking experiences for their members.

Andreas Baumhof is CTO of ThreatMetrix, an online transaction security firm based in San Jose, Calif.
