News Now

CU System
CUNA Mutual: Six steps to prep for cyber attacks
MADISON, Wis. (2/5/13)--Distributed denial of service (DDoS) attacks that hit 22 banks as well as two credit unions in California and Texas have prompted advice from CUNA Mutual Group on how to prepare for cyber attacks.

Ken Otsuka, risk management senior consultant for CUNA Mutual Group, noted that the scale and speed of the recent attacks were unprecedented. He defines DDoS attacks as attempts to disrupt or suspend online service by saturating the target's network with external communication requests to overload its server.

Although some hacktivists have called off the attacks, other groups use DDoS attacks as smokescreens for diverting funds from consumers' accounts.

Otsuka advised credit unions to take six steps:

  1. Don't underestimate the threat of cyber attacks. "It's true that most credit unions don't face the same risk as national banks from attacks by high profile cybercriminal groups. But the first thing to understand about cyber attacks is that we can't predict the next type of attack to come along," he said. "Don't bet on behalf of your members that your credit union isn't big enough to be a target."
  2. Mitigate the risk of service interruptions caused by DDoS. Although credit unions can't prevent such attacks, they can establish a process to identify them. Monitor bandwidth usage, use firewall logs to determine what is under attack, and employ an intrusion detection system to identify the type of traffic.
  3. Perform due diligence on third-party service providers. Ensure that third parties such as Internet service providers and Web hosts address website problems caused by the attacks, and that they have a contingency plan for these.
  4. Be prepared to provide timely and accurate information to members. Have a plan to get the word out. The faster you do so, the better you can control the message and counter any rumors or misconceptions about what is happening. Monitor social media to find out what is said in cyberspace about any interruption to online services. You may need extra staff or third-party help to work the phones and contact local media to make sure members get correct information.
  5. Check transfers initiated via online banking when an attack occurs. If staff are busy answering calls from members who can't access the website or initiating damage control, they may not notice fraudulent transactions initiated through online banking. When a DDoS occurs, review online banking transactions. If necessary, delay executing the transfers until their legitimacy is verified.
  6. Have a strong multi-factor authentication method in place for online banking systems. The authentication process should comply with the Federal Financial Institutions Examination Council's updated authentication guidance issued in 2011. It expects financial institutions to have a fraud monitoring system to detect anomalies in initial logins and authentication of members requesting online banking access to the system, and in fund transfers initiated to others.
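
An added example (not from CUNA Mutual or the original article) combining steps 2 and 5: it uses firewall log lines to find which destination is being flooded and when, then lists the online banking transfers initiated in or near that window so they can be held for verification. The log format, the sample data, the 5x-median threshold and the 10-minute margin are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

def sample_firewall_log():
    """Constructed sample: '<ISO time> ALLOW <src> -> <dst>:<port>' (not real traffic)."""
    lines = []
    for minute in range(8):                       # 10:00 .. 10:07
        hits = 2 if minute < 5 else 40            # constructed flood starts at 10:05
        for i in range(hits):
            lines.append(f"2013-03-01T10:{minute:02d}:{i:02d} ALLOW "
                         f"198.51.100.{i % 250 + 1} -> 203.0.113.10:443")
    return lines

def attack_minutes(lines, factor=5):
    """Per destination, return minutes whose hit count exceeds factor x the median minute."""
    per_dst = defaultdict(Counter)
    for line in lines:
        stamp, _action, _src, _arrow, dst = line.split()
        minute = datetime.fromisoformat(stamp).replace(second=0)
        per_dst[dst][minute] += 1
    flagged = {}
    for dst, counts in per_dst.items():
        limit = factor * median(counts.values())  # assumed baseline: the median minute
        hot = sorted(m for m, n in counts.items() if n > limit)
        if hot:
            flagged[dst] = hot
    return flagged

def transfers_to_hold(transfers, flagged, margin=timedelta(minutes=10)):
    """Return ids of transfers initiated during, or within `margin` of, the flagged minutes."""
    hot = [m for minutes in flagged.values() for m in minutes]
    if not hot:
        return []
    start = min(hot) - margin
    end = max(hot) + timedelta(minutes=1) + margin
    return [tid for tid, when in transfers if start <= datetime.fromisoformat(when) <= end]

# Constructed online banking transfers: (id, initiation time)
TRANSFERS = [("T1", "2013-03-01T09:30:00"), ("T2", "2013-03-01T10:06:10"),
             ("T3", "2013-03-01T10:12:00"), ("T4", "2013-03-01T11:00:00")]

if __name__ == "__main__":
    flagged = attack_minutes(sample_firewall_log())
    print("under attack:", {d: [m.strftime("%H:%M") for m in ms] for d, ms in flagged.items()})
    print("hold for review:", transfers_to_hold(TRANSFERS, flagged))
```

Transfers on the hold list are queued for manual verification rather than rejected, which matches the advice to delay execution until legitimacy is confirmed.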