What Does FFIEC Guidance On DDoS Mean For Your Institution?

The FFIEC has released a set of guidelines for Banks and Credit Unions to follow with regard to Distributed Denial of Service (DDoS) attacks. The guidelines are high level, however one thing is clear:   Institutions need to take action to monitor and protect themselves from these types of online assault.

Top Three Things to Consider:

1.)  DDoS Impacts Institutions Large and Small

“Financial institutions of all sizes that experience attacks may face a variety of risks, including operational risks and reputation risks.”

Smaller institutions are at even greater risk in some cases due to the ease with which an attack can successfully take down unprotected or less resilient IT infrastructure.  Larger organizations generally have more bandwidth and heavier-duty servers which require more resources to execute a successful attack.

2.)  Make Monitoring Critical Systems a Priority

With denial of service attacks coming in many forms, institutions need to perform an inventory of all critical systems and rank their exposure level.  This isn’t just your website.  Look at all internet facing services: email, voice over IP, file transfer services (FTP), core processor, and third party hosted applications.
For each finding ask these questions:

  • Is someone internally or externally tracking when hackers are “casing” your website?
  • Do you have procedures in place that your organization will follow when under attack?
  • How do you know when an attack takes place?  Do you need to wait for someone to call the branch?
  • Do you have any procedures or ability to mitigate an attack today?
  • What operational risk does an outage present to the organization beyond downtime?

3.)  Account Fraud and DDoS Work Hand-in-Hand

Due to the demonstrated connection between account fraud and DDoS, the FFIEC is pushing for implementation of new internal processes to track high value target systems. For example, your public-facing applications and websites.  Monitoring public-facing web for attacks allows greater visibility prior to the execution of an attack on your organization.

Many hackers will run test attacks, probe for exploits and scrape site code prior to the main event.  Implement tools to track this data and even block certain incoming connects to divert illicit traffic. This information can be used in conjunction with anti-fraud measures to proactively identify compromised accounts or hold certain transactions.

Consult a service provider like Dunbar Digital Armor to evaluate your readiness, monitor your critical services, and implement protections.