Critics of CUNA's decision to publicize a possible May 7 DDoS attack led by the hacker group Anonymous have been numerous and vocal in their complaints to Credit Union Times – “fear mongering” is the usual charge.

But the trade association believes it did the right thin

Q: What did CUNA think would be the gain from publicizing this?

CUNA: We believe that credit unions are better forewarned rather than not knowing. Seeing an event develop before their eyes and having little, if any, information at their fingertips for why it is occurring can be disconcerting.

Q: Why does CUNA take the threat seriously? (Many experts don't see much there.)

CUNA: CUNA believes that any cyber-threats to credit unions, in this day and age, must be taken seriously. We were privy to information from others within the credit union space who look out for these sorts of threats assiduously through their own analysis (based on their own experiences in the past of being subject to such DDoS, particularly in their part of the country). We evaluated their analysis and, after careful consideration, determined that credit unions would be better off knowing of the threat, and be prepared for it.

Q: Given that it would be impossible for any credit unions (except possibly for the two or three largest) to buy defenses in time for May 7, what was the intent of the announcement?

CUNA: Again, we believe that credit unions are better off knowing of the threat. As we detailed in our News Now coverage last week, there are steps that any credit union can take, including:

· Alerting its network team to actively monitor inbound Internet traffic that day. The team should be prepared to block traffic from specific IP addresses in an effort to maintain their website's ability to respond to normal business requests;
· Educating call center staff on the symptoms of a denial of service attack so they can better serve the members and notify their network teams if an attack is under way. The call center staff should be prepared with alternatives to serve the members.

Certainly it is possible that no threat will, in fact materialize; but we strongly believe that maintaining the trust of members in the security of their credit unions is worth the effort.

One more piece of information: Just last week, CUNA held an exploratory cyber security conference call with four of the biggest players in the CU space in this area. The goal of the call was to talk about if there are any standards or common things that credit unions and credit union organizations can align around to better protect the CU system. Some things that came out of that discussion:

· Many credit unions don't have a cyber security response plan, don't have a board policy, may not be aware of the special insurance coverages specific to cyber security.
· Many credit unions are looking for vendors that can help in this area.
· One of the core takeaways was the we need better communication on this whole issue, so CUNA is looking to take a leadership role in sharing information in this area.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.