DDoS attacks hit two thirds of banks, with problem set to spread

IT security in the financial sector was dominated by stories of DDoS (Distributed Denial of Service) attacks last year, and new research has demonstrated just how prevalent the problem was - and will continue to be.

Corero Network Security sponsored a report from the Ponemon Institute, titled ‘A Study of Retail Banks & DDoS Attacks’, which surveyed 650 security practitioners from 351 banks of various sizes. Of those surveyed, as many as two thirds said they were a target of a DDoS attack last year, and “almost half” experienced multiple attacks, showing just how many organisations are under bombardment from hackers.

Though media reports focused on the attacks faced by major groups such as US Bancorp, JPMorgan Chase and Bank of America, the report noted that “DDoS attacks are not limited to the large national banks. Smaller retail banking institutions that might not have the necessary defenses in place are expected to be targeted in the coming months.”

Though most large banks have the infrastructure to escape from a DDoS barrage without too much damage, the spread of attacks to smaller organisations could spell trouble. The report found that 20 per cent of respondents did not believe their company was capable of effectively detecting a denial of service attack, while 23 per cent felt they were not equipped to prevent one in the first place.

In terms of impact, diminished productivity, followed by reputational damage, were rated as the worst consequences of suffering such an attack.

“Many organizations assume traditional firewalls can provide protection against DDoS and Zero-Day exploits at the perimeter, yet this is not what they were designed to do and therefore attacks are still getting through,” said Marty Meyer, President of Corero.

“Organizations need to add First Line of Defense solutions that can provide this protection and are able to remove all of the ‘noise’ at the perimeter before it hits the network so that firewalls and servers can optimally work on the functions they were originally designed for,” he added.