Two thirds of banks hit by DDoS attack in past 12 months
Written by Scott Thompson
Sixty-four per cent of IT and IT security practitioners report that their banks have suffered at least one Distributed Denial of Service (DDoS) attack in the last 12 months, according to research commissioned by Corero Network Security. The survey of 650 IT and IT security practitioners at 351 banks also revealed that 78 per cent believe DDoS attacks will continue or significantly increase in 2013.
Forty-eight per cent said their banks had suffered multiple DDoS attacks in the past 12 months. Respondents stated that DDoS attacks and Zero-Day attacks (attacks that exploit a previously unknown vulnerability) are considered to be the most severe security threats. Among the key barriers impacting banks’ ability to deal with DDoS attacks, 50 per cent cited insufficient personnel and expertise and a lack of effective security technology as the most serious concerns, followed by insufficient budget resources. Despite the recognition that the threat of DDoS attacks is not abating, the survey revealed that banks are still predominantly relying on previously deployed traditional technology, in particular firewalls (35 per cent), to protect their organisations from today’s sophisticated attacks.
“The belief that traditional perimeter security technologies such as firewalls are able to protect against today’s DDoS attacks is lulling not only financial institutions but organisations across every sector into a false sense of security,” says Marty Meyer, president at Corero. “Many organisations assume traditional firewalls can provide protection against DDoS and Zero-Day exploits at the perimeter, yet this is not what they were designed to do and therefore attacks are still getting through. Organisations need to add 'First Line of Defence' solutions that can provide this protection and are able to remove all of the ‘noise’ at the perimeter before it hits the network so that firewalls and servers can optimally work on the functions they were originally designed for.”
The findings add further support to the trend of hacktivist groups proactively targeting banks: Bank of America, JPMorgan Chase, Citigroup, Wells Fargo, Capital One and others have again allegedly been actively targeted with DDoS attacks since the end of 2012. “It really comes as no surprise that DDoS attacks are one of the most severe security risks cited by the banking industry and these results clearly demonstrate the level to which they are being targeted on a continued basis,” says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, which conducted the research. “When such an attack occurs, the time and efforts of IT staff are devoted to dealing with the problem instead of managing other IT operational and security priorities. This leaves financial institutions open to more dangerous attacks that further compromise their infrastructure.”