MADISON, Wis. (10/1/14)--A new white paper from the CUNA Technology Council, "DDoS Security: Risks, Actions, Threats and Solutions," examines the danger posed to credit unions by distributed denial of service attacks.
While all financial institutions face some risk of exposure to DDoS attacks, every credit union and every vendor relationship is unique. That's why it's important for each credit union to not only carefully examine its individual risks but also understand them, according to Jim Stickley, CEO at Stickley on Security.
"At this point, every credit union should assume they will be a target, at some point in time, of a DDoS attack," Stickley said. "The best step is to have a plan in place. You should be working with your network and security providers to ensure they have a defined plan in place and can handle this type of attack.
"In addition, every credit union should be conducting load testing against their online applications--especially applications that don't require log-in credentials to be accessed," Stickly added. "If a criminal can simply command an automated program to submit a form over and over, and that form is load-intensive, this can be a very simple way for a criminal to have numerous machines attack that single form until the site goes down."
Ron Dinwiddie, chief information officer at $850 million-asset Texas Trust CU in Mansfield, Texas, said implementing two other practices would be major steps in the right direction:
"These types of assessments and audits do cost money, but what's the cost--not only in hard dollars but also reputational--should you get attacked and aren't prepared? In many cases, the reputational 'hit' costs more than the hard dollars," Dinwiddie said.
Though credit unions may not be any more vulnerable to DDoS attacks than other companies, they'll be more vulnerable if they aren't prepared, he added. Credit unions should take steps to have a plan and services in place to deal with attacks when they do occur.
To download the white paper, use the resource links.