24 Jan 2013

Denial of Service Attacks Plagued US Banks, Corero Says

Denial of service attacks on US banks intensified last year and caught IT security experts either off guard or with insufficient resources to efficiently repel them, according to a report commissioned by Corero Network Security.

With more than 10 DDoS attacks reported on 7 percent of the 351 surveyed banks, only 37 percent of respondents claimed their banks were efficient or very efficient in preventing these attacks. The matters of insufficiently trained personnel and inadequate technologies were acknowledged by about a quarter of the 650 IT and IT security experts from the 351 surveyed banks.

Expecting to see an increase in denial of service attacks during 2013, 78 percent of respondents agreed that retail banks will be even more targeted in the immediate future.

"It really comes as no surprise that DDoS attacks are one of the most severe security risks cited by the banking industry and these results clearly demonstrate the level to which they are being targeted on a continued basis,” said Dr Larry Ponemon, founder of the Ponemon Institute. "When such an attack occurs, the time and efforts of IT staff are devoted to dealing with the problem instead of managing other IT operational and security priorities. This leaves financial institutions open to more dangerous attacks that further compromise their infrastructure."

Saying that companies should implement and use technologies specifically designed to detect and repel denial of service attacks, Corero President Marty Meyer believes traditional firewalls were not built to handle these tasks. Inducing a false sense of security, current protection methods should be replaced and companies should invest more in network perimeter defenses.

"Organizations need to add first line of defense solutions that can provide this protection and are able to remove all of the ‘noise’ at the perimeter before it hits the network so that firewalls and servers can optimally work on the functions they were originally designed for," Meyer said.

With zero-day vulnerabilities becoming a popular weapon of choice amongst cyber-criminals, banks face even more risks without proper security measures in place.