WASHINGTON (4/2/14)--Credit unions and all financial institutions are being alerted to the risks associated with cyber-attacks on ATM and card authorization systems and the continued distributed denial of service (DDoS) attacks on public-facing websites.
The National Credit Union Administration, in conjunction with the other federal financial regulators comprising the Federal Financial Institutions Examination Council (FFIEC), just released a statement that describes steps the regulators expect institutions to take to address these attacks. The release also highlights resources institutions can use to help mitigate the risks posed by such attacks.
Cyber-attacks that aim to gain access to, and alter the settings on, Web-based ATM control panels used by small- to medium-sized financial institutions are on the rise, the NCUA and partner agencies warn.
Financial institutions must review the adequacy of their controls over information technology networks, card issuer authorization systems, ATM usage parameters and fraud detection processes, the FFIEC states.
Also, the joint-agency body expects financial institutions to have effective response programs to manage this type of incident.
Regarding DDoS readiness, the FFIEC expects institutions to address it as part of their ongoing information security and incident plans.
"More specifically, each institution is expected to monitor incoming traffic to its public website, activate incident response plans if it suspects that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including the use of pre-contracted third-party servicers, if appropriate," the agencies said.
The FFIEC is composed of the NCUA, the Federal Reserve Board, the Federal Deposit Insurance Corp., the Comptroller of the Currency, the Consumer Financial Protection Bureau and the State Liaison Committee.
See resource links for more information.