Responding to recent distributed denial-of-service attacks on at least two credit unions, the NCUA on Wednesday released a risk alert that it said identifies appropriate policies and procedures to guard against them.

It is the first risk alert released in 2013; no risk alerts were released in 2012.

The regulator advised credit unions to employ controls described in the 2011 FFIEC supplement to guidance on Authentication in an Internet Banking Environment.

NCUA rules and regulations already require credit unions to monitor systems to detect actual and attempted attacks on, or intrusions into, member information systems.

“As the goal of DDoS attacks is causing service outages rather than stealing funds or data, typical network security controls – such as firewalls and intrusion detection and prevention systems – may offer inadequate protection,” NCUA Chairman Debbie Matz said in the bulletin, which is posted on the regulator's website.

However, the NCUA said in the risk alert that DDoS attacks may also be paired with attempts to steal member funds or data.

Credit unions significantly affected by DDoS or other cyberattacks should notify their NCUA regional office or state supervisory authority, and when applicable, follow regulatory notification procedures, the agency said.

The alert suggested credit unions mitigate DDoS risk by performing risk assessments, ensuring incident response programs include a DDoS attack scenario and performing ongoing third-party due diligence, in particular on Internet and Web-hosting service providers, to identify risks and implement appropriate traffic management policies and controls.

Credit unions should voluntarily file a Suspicious Activity Report if an attack impacts Internet service delivery, enables fraud, or compromises member information, the NCUA said. The NCUA also encouraged credit unions to participate in information-sharing organizations, such as industry trade groups and the Financial Services Information Sharing and Analysis Center.

In addition, the NCUA said the United States Computer Emergency Readiness Team provides information on the methods used to launch attacks and risk mitigation tactics to reduce their impact.
