By Susan Warner, NeustarDDoSattack AffirmX welcomes guest blogger Susan Warner, DDoS mitigation expert from Neustar, a leading provider of IT/Security services. On May 13 at 1 PM Eastern, Susan will join panelists Jane Pannier and Jesse Boyer from AffirmX for a free webinar: Is Your Credit Union Prepared for a DDoS Attack? If you haven’t signed up yet, register here.
DDoS attacks are like an emergency storm warning: when they arrive, you start running around your house, locking all the windows, and getting the flashlights out—all the while forgetting just about everything else. In the same way, DDoS attacks act like a smokescreen, distracting institutions from protecting against more dangerous cyber attacks.
In one alarming case, thieves used DDoS to help steal customer information and extract $9 million from several ATMs in just 48 hours. Incidents like these have caused regulatory agencies to release warnings about criminals increasingly using DDoS attacks to access more valuable assets like intellectual property and funds. The numbers are a little frightening—according to Neustar’s research, 49.36% of companies who experienced a DDoS attack and a data breach had a virus or malware installed or activated, 25.53% involved customer data theft, 19.15% resulted in the loss of intellectual property, and 10.64% effected financial theft.
However, institutions shouldn’t ignorantly believe that these attacks are solely IT’s problem—the harm spreads much more widely. According to the Neustar 2014 Annual DDoS Attacks and Impact Report, departments outside of IT and security—like customer service and marketing—together pay over half of attack-related costs. Why? Understandably, when a financial institution’s website crashes, unhappy customers bombard the call center. This overwhelms the customer service department and marketing and PR suddenly go into overdrive to try to diplomatically explain the issue and resolve complaints. Furthermore, according to the Gartner US digital marketing spend survey, organizations spent on average 3.1 percent of their 2013 revenues on digital marketing. When your site is down, that investment is lost.
Although the FFIEC has outlined steps to take (including monitoring Internet traffic to your institution’s website, sharing information with law enforcement, evaluating holes in ongoing risk assessments, etc.) many credit unions lack an awareness of how to truly protect themselves against a DDoS attack. What is your credit union’s first step in protecting itself against such attacks? AffirmX, in concert with Neustar, is holding a free webinar in response to this question. We realize that big banks aren’t the only financial organizations targeted by DDoS, which is why we designed this webinar as a place for credit union employees to learn about how DDoS attacks impact your credit union, and to hear stories of attacks and new research that supports the idea of DDoS as a smokescreen for more serious breaches, including financial and data theft. So put down the flashlights, step away from the windows, and learn what you should really be doing to defend your credit union against DDoS attacks. Register here.