07 Apr 2014
US banks and financial institutions must now monitor their networks for denial-of-service attacks to counter operational and reputation risks, the Federal Financial Institutions Examination Council (FFIEC) has announced.
In a recent notice, the FFIEC recommended a risk assessment program, ongoing Internet traffic monitoring and an incident response strategy to address potential financial losses.
The body also suggests sharing information with organizations such as the Financial Services Information Sharing and Analysis Center to help mitigate threats. Enough staff must also be available to help resolve security breaches, even if it means contracting third parties.
The decision comes after “an increased number of DDoS attacks were launched against financial institutions by politically motivated groups,” the statement says. “In other cases, DDoS attacks served as a diversionary tactic by criminals attempting to commit fraud using stolen customer or bank employee credentials to initiate fraudulent wire or automated clearinghouse transfers.”
The FFIEC is a US government interagency body that can prescribe uniform principles, standards, and report forms for the federal examination of financial institutions.