CO-OP Financial Services has announced release of a freeDDoS mitigation white paper intended to offer guidance tocredit unions, especially in the run up to the possible May7 attacks announced by groups affiliated with the hackerorganization Anonymous.
|The white paper is here.It was written by Ray Zadjmool, president of Tevora, a Lake Forest,Calif., information assurance consulting firm.
|Included in the white paper is DDoS incidence reporting where asampling of credit unions were asked if they had ever experienced aDDoS attack. One-third – 33% – said yes. Forty-threepercent said they did not kno
|Also Read:
- Was May 7 Only a Test?
- May 8: Attacks But No Time to Let GuardDown
- Mixed Views in LinkedIn Poll on May 7Warning
- No Takedowns Reported Tuesday
- Anonymous May 7 Target List IncludesCUs
- Krebs: DHS Memo Says 'More Bark ThanBite'
- Threat of the Week: May 7, Ready orNot
- CUNA Explains Thinking BehindWarning
- Reactions Vary to May 7 Warning
- DDoS Attacks Often Fraud Diversions
- Mark Your Calendar (or Not) for May 7Attacks
- CUNA Issues May 7 DDoS Warning
Importantly, of the credit unions that had experienced a DDoSattack, none had reported it to external parties, making doingincidence counts difficult.
|Only a handful – 7% – said they had DDoS mitigation tactics inplace.
|The white paper succinctly recaps the recent history of DDoS,and it also offers a non-technical look at the kinds of DDoS thatfinancial institutions have recently been subjected to,
|Core to its advice is this: “Credit unions should … plan for astrategy that deals with DDoS much the same way as a naturaldisaster; an event that could disable critical services and impactsthe ability to conduct business.”
|It also follows NCUA's guidance in outlining a three-prongedapproach:
*”Perform risk assessments to identify risks associated with DDoSattacks.
* Ensure incident response programs include a DDoS attack scenarioduring testing and address activities before, during, and after anattack.
* Perform ongoing third-party due diligence, in particular onInternet and Web-hosting service providers, to identify risks andimplement appropriate traffic management policies.”
The white paper also offers analysis of vendor solutions offeredby companies such as Akamai and Prolexic.
|The paper's conclusion: “Implementing a DDoS mitigation strategyshould take into account a formal assessment of risk, priorplanning, third party due diligence, and capital investment. Byimplementing a variety of methods, credit unions and credit unionservice organizations can prepare for a security threat that ispoised to grow over time.”
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
