By Hugh Smallwood | April 30, 2013
How does my Credit Union prepare for the May 7th DDoS threat?

Credit Union DDoS AttackIf you are getting bombarded with information about the May 7th potential cyber attacks and do not know what to do, this post is for you.

Anonymous, AnonGhost, Izz ad-Din al-Qassam; you may now know more about these groups then you ever wanted. They are making threats that they will launch attacks against your internet presence on May 7th.

WHAT DOES THIS MEAN TO YOUR CU?

The easiest approach is to perform an impact analysis (a step recommended by the NCUA) and develop an incident response. What are the potential services and applications that could be affected by your CU should you come under an attack.

Website:

Your website is usually the first thing that comes to mind.  If an attack on your website occurs it will render your website inaccessible to your members.  It is important to understand the impact of your members not being able to access your website.  Understanding the impact falls into two categories information and function.

Information

You website is used by your members for information about your Credit Union.

  • Location of ATMs
  • Current Rates
  • Phone Numbers
  • Hours of Operation

Functional

If you offer mobile banking or internet banking your members may lose the ability to.

  • Use bill pay
  • Preform transfers
  • Check balances
  • Pay loans

It is recommended to develop your own listing all of the services/information not available due to down time of your website.  Once you have this list you can perform an impact/financial analysis by modeling what will happen when members cannot preform the functions offered by your website. If you site is offline due to an attack it is important to make sure the message communicated to your members is informational and the same across your whole organization.  Prepare a statement and train your staff to respond accordingly (tellers, customer service reps, loan officers, marketing department).  This is a good first step towards a complete incident response plan (another NCUA recommendation) should you be the victim of an attack.

Unfortunately your website is only one service that could be affected by an internet attack.   Additionally you may experience outages of your:

  • Mail
  • 3rd party VPN’s
    • Shared branching
    • Credit card auth
    • ATM services
    • Connection to your core
    • Access to online services
      • HR
      • Payroll

All of these should be considered when preforming your impact analysis and preparing your incident response plans.

So this begs the question “How do I keep from being affected by a cyber-attack?”

There are many approaches.  First and foremost you need to make sure you understand your public facing internet foot print.  This means analyzing where all of your internet services are actually hosted.  This may be easy for some large CU’s.  It could all be in house.  Or it could all be through service providers.  A great tool to use if you do not know where your website or online service is hosted is http://www.whoishostingthis.com/ enter the url of your public facing service and it will provide information on the hosting provider.

Once you have gathered all of this information you can go service by service and identify weather a solution exists or weather you need to develop one.  Hopefully you will find that many of your hosting providers offer services to protect your internet facing presence from cyber-attacks.

Don’t’ be fooled for even the smaller CU’s this is a significant project.  And will have to be maintained as you switch service providers change telecom providers, backup providers etc.  Cyber-attack and Cyber defense strategies will continue to grow in importance.  The recent DDoS threats are only one type of attack.  As technology develops and more of our interactions, transactions, and information migrate online we will only continue to see an increase in cyber-attacks.

be preparedOngoing Operations Sees this trend and is developing solutions to help defend the public facing internet services.  WE not only see threat in DDoS but also other types of cyber-attacks.  Our solutions are designed to develop a perimeter defense approach that will evolve with technology and the market place.

 

Related Content:

How is the Sunset of Windows XP Related to DDoS Attacks?

DDoS: Be Part of the Solution – Part 1

Credit Union DDOS: Part 1 Non-Technical Explanation

Have Questions? Concerns? Contact Us:

Posted in Business Continuity Planning, Cloud Topics, P3 - Plan, Prepare, Protect, Uncategorized and tagged , , , , , , ,

Cost-Effective Solutions for Your Credit Union

Simply fill out this form and select the topic(s) that you would like more information for, and our team will reach out shortly.

Medium

Role
I agree to receive marketing communications from Ongoing Operations regarding news, updates, products, etc.(Required)

blank
modal close button

Welcome to the Ongoing Operations blog archive.

For our most up-to-date information, please visit ongoingoperations.com.

HOME