The banking and financial services industries have alwaysbeen one of the primary targets for high-profile attacks. Themotivation is blatantly obvious – to cripple an institution’swebsite, steal critical customer data and, of course, for reap thefinancial benefits. Recent attacks, such as Yummba and Zeus, haveonly reinforced the notion that malware and DDoS developers have akeen interest in the industry – and this does not just include thelarge, global institutions, this includes smaller banks and creditunions, too.

The fallout from these attacks is significant, and clashes withthe ultimate goal for any financial institution: To provide aconvenient experience that instills trust and encourages long-termcustomer loyalty. According to Financial Publishing Services, datashows that banks are losing customers at an average of 12.5 percenteach year – for reasons that include poor customer experiences andpoor security. This is an alarming statistic, especially for creditunions that are working within small geographic locations and havemore to lose.

Financial institutions have made strides in recent years toprovide customers with personalized, easy-to-use sites that areoptimized for all browsers and devices. Of course, that is anecessity when it comes to providing a better, positive customerexperience, but it must not come at the expense of the securityneeds that the industry demands. There needs to be a balancebetween user-friendliness and security that can satisfy both thefinancial institution and the customer.

In order for banks and financial institutions to accomplish andachieve the customer experience trifecta of convenience, trust andloyalty, security must be a top priority and carefully incorporatedinto the customer experience strategy. And for that strategy to beeffective, banks and financial institutions first need to be awareof what they’re up against.

Today, we are seeing a number of different attacks impacting thenetwork.

IT administrators, whether at a large institution or smallcredit union, need to know how to protect against and have plans inplace for the following threats:

Distributed Denial of Service (DDoS) attacks:DDoS attacks are quite possibly the most common attack method thatthe financial services industry needs to protect against. DDoSattacks occur when an attacker exploits the network by flooding atarget and forcing it to shut down – thereby denying service to thelegitimate users, or in this case, the financial institution’scustomer. A DDoS attack can be used by the attacker as adistraction to position malicious malware and exfiltrate sensitivedata while the IT administrator is working to get the site back upand running.

Short-duration, probing attacks: Theseattacks are very common and can be detrimental for financialinstitutions when it comes to protecting customer data. In thesescenarios, attackers will attempt to gain access to the networkthrough the weakest point in the system. While inside, attackerscan collect and steal valuable information and plan for a muchlarger attack – possibly a DDoS attack that will overwhelm andbring down the site.

IT administrators working with financial institutions need to bevigilant and quick to add defensive rules that can limit thismalicious traffic – such as implementing policies that can limitthe exposure to and protect customer data.

Multi-vector attacks: A multi-vectorattack is an attack that also leverages the “weakest” part of anetwork – often times stemming from poor internal security postureor a threat embedded inside an application. These attacks arechallenging to mitigate because they involve a combination ofsimultaneous attack tactics ranging from volumetric to applicationlayer attacks. They are also tailored carefully to bypass mostfirewalls and anti-virus software.

To thwart multi-vector attacks, organizations need to quicklyevaluate the threat to each vector and simultaneously work tomitigate by prioritizing – meaning curing the threat that has themost estimated impact first. Because financial institutions workwith customer finances and critical data, that distinction can be adifficult one to make, but it is imperative to have the processesin place in order to mitigate risks.

At the end of the day, protecting a network boils down to threesimple, yet critical, variables: Preparedness, skill andtechnology. Working closely with your vendors and security teamduring “peace time” to ensure that you are fully prepared for anattack scenario is crucial. Being prepared for every scenario isimperative – whether it be figuring out the best, most appropriateproduct configuration or determining what needs to happen in theevent of a “fire drill.” During an attack situation, financialinstitutions need to be proactive – finding the best, scalable andcutting edge technology that is capable of staying one step aheadof the attackers and optimized to offer the best, most secureexperiences for the end customer.

After all, isn’t that what they mean when they say “convenientbanking?”

Mani Sundaram is vice president, global services at AkamaiTechnologies.