CO-OP Financial Services has announced release of a free DDoS mitigation white paper intended to offer guidance to credit unions, especially in the run up to the possible May 7 attacks announced by groups affiliated with the hacker organization Anonymous.
The white paper is here. It was written by Ray Zadjmool, president of Tevora, a Lake Forest, Calif., information assurance consulting firm.
Included in the white paper is DDoS incidence reporting where a sampling of credit unions were asked if they had ever experienced a DDoS attack. One-third – 33% – said yes. Forty-three percent said they did not kno
Also Read:
- Was May 7 Only a Test?
- May 8: Attacks But No Time to Let Guard Down
- Mixed Views in LinkedIn Poll on May 7 Warning
- No Takedowns Reported Tuesday
- Anonymous May 7 Target List Includes CUs
- Krebs: DHS Memo Says 'More Bark Than Bite'
- Threat of the Week: May 7, Ready or Not
- CUNA Explains Thinking Behind Warning
- Reactions Vary to May 7 Warning
- DDoS Attacks Often Fraud Diversions
- Mark Your Calendar (or Not) for May 7 Attacks
- CUNA Issues May 7 DDoS Warning
Importantly, of the credit unions that had experienced a DDoS attack, none had reported it to external parties, making doing incidence counts difficult.
Only a handful – 7% – said they had DDoS mitigation tactics in place.
The white paper succinctly recaps the recent history of DDoS, and it also offers a non-technical look at the kinds of DDoS that financial institutions have recently been subjected to,
Core to its advice is this: “Credit unions should … plan for a strategy that deals with DDoS much the same way as a natural disaster; an event that could disable critical services and impacts the ability to conduct business.”
It also follows NCUA's guidance in outlining a three-pronged approach:
*”Perform risk assessments to identify risks associated with DDoS attacks.
* Ensure incident response programs include a DDoS attack scenario during testing and address activities before, during, and after an attack.
* Perform ongoing third-party due diligence, in particular on Internet and Web-hosting service providers, to identify risks and implement appropriate traffic management policies.”
The white paper also offers analysis of vendor solutions offered by companies such as Akamai and Prolexic.
The paper's conclusion: “Implementing a DDoS mitigation strategy should take into account a formal assessment of risk, prior planning, third party due diligence, and capital investment. By implementing a variety of methods, credit unions and credit union service organizations can prepare for a security threat that is poised to grow over time.”
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
