BITS, the technology policy division of The Financial Services Roundtable, on Thursday released a new report created to help financial firms understand the risks of malicious code. The paper describes the evolution of malware, how the criminal marketplace functions, popular vectors for attack and recommended countermeasures. The paper concedes that preventive controls are not good enough to stop today's advanced attacks. As a result, organizations should also consider implementing change management, anomaly detection, network access control, breach response protocols and vulnerability management.