Critics of CUNA's decision to publicize a possible May 7 DDoSattack led by the hacker group Anonymous have been numerous andvocal in their complaints to Credit Union Times – “fearmongering” is the usual charge.

|

But the trade association believes it did the right thin

|

Also Read:

In written responses to questions late Tuesday, the trade groupexplained its decision in warning credit unions to be aware of thethreat to take down their websites, including considering warningmembers to avoid online banking that day and come into thebranch.

|

Q: What did CUNA think would be the gain from publicizingthis?

|

CUNA: We believe that credit unions are better forewarned ratherthan not knowing. Seeing an event develop before their eyes andhaving little, if any, information at their fingertips for why itis occurring can be disconcerting.

|

Q: Why does CUNA take the threat seriously? (Many expertsdon't see much there.)

|

CUNA: CUNA believes that any cyber-threats to credit unions, inthis day and age, must be taken seriously. We were privy toinformation from others within the credit union space who look outfor these sorts of threats assiduously through their own analysis(based on their own experiences in the past of being subject tosuch DDoS, particularly in their part of the country). We evaluatedtheir analysis and, after careful consideration, determined thatcredit unions would be better off knowing of the threat, and beprepared for it.

|

Q: Given that it would be impossible for any credit unions(except possibly for the two or three largest) to buy defenses intime for May 7, what was the intent of the announcement?

|

CUNA: Again, we believe that credit unions are better offknowing of the threat. As we detailed in our News Nowcoverage last week, there are steps that any credit union can take,including:

|

· Alerting its network team to activelymonitor inbound Internet traffic that day. The team should beprepared to block traffic from specific IP addresses in an effortto maintain their website's ability to respond to normal businessrequests;
· Educating call center staff on thesymptoms of a denial of service attack so they can better serve themembers and notify their network teams if an attack is under way.The call center staff should be prepared with alternatives to servethe members.

|

Certainly it is possible that no threat will, in factmaterialize; but we strongly believe that maintaining the trust ofmembers in the security of their credit unions is worth theeffort.

|

One more piece of information: Just last week, CUNA held anexploratory cyber security conference call with four of the biggestplayers in the CU space in this area. The goal of the call was totalk about if there are any standards or common things that creditunions and credit union organizations can align around to betterprotect the CU system. Some things that came out of thatdiscussion:

|

· Many credit unions don't have a cybersecurity response plan, don't have a board policy, may not be awareof the special insurance coverages specific to cybersecurity.
· Many credit unions are looking forvendors that can help in this area.
· One of the core takeaways was the we needbetter communication on this whole issue, so CUNA is looking totake a leadership role in sharing information in this area.

|

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.