FFIEC Notice: Regarding DDoS Attacks on Banks


In the light of high-profile DDoS (distributed denial of service) attacks on banks, the Federal Financial Institutions Examination Council has issued a statement recommending that all banks employ stronger defenses against DDoS attacks.

"Financial institutions of all sizes that experience DDoS attacks may face a variety of risks, including operational risks and reputation risks," says the FFIEC. "If the attack is coupled with attempted fraud, a financial institution may also experience fraud losses as well as liquidity and capital risks."

Concerned by the FFIEC’s recommendations and what they mean for your bank? We’ve compiled a list of quick resources on this page.

DDoSAttacks.biz Explains the FFIEC’s Recommendations

Neustar’s Susan Warner explores the FFIEC’s DDoS recommendations one by one, in the light of DDoS diversionary tactics – or ‘smokescreening’ – where criminals use DDoS to distract IT teams while targeting databases with malware or viruses.

Bank Info Security podcast: What Does the FFIEC Letter Mean For Banks?

Listen to this interview with Neustar security expert Rodney Joffe to learn why the FFIEC chose now to issue DDoS guidelines, the substance of expectations for banking institutions, and how banks and credit unions should assess and mitigate their risks

News: Ellie Mae Hit with Timely DDoS Attack

News of a DDoS attack against Ellie Mae, which provides core operating systems and other technologies to mortgage originators, came the same week as banking regulators issued a reminder about mitigating the risks associated with such attacks, reports Bank Info Security.

Report: Banks Urged to Beef Up DDoS Defenses

The FFIEC’s recommendations may seem fairly basic, basic, but observers say many banks have had no formal processes in place to detect DDoS attacks, reports American Banker, quoting Neustar’s Rodney Joffe assessment that most banks remain extremely vulnerable to DDoS.

FFIEC Plans Cybersecurity Assessments

FFIEC announces new cybersecurity and risk mitigation assessments expected to be rolled out later in 2014 to help smaller banks identify potential gaps in their systems which pose potential risks to their enterprises and reputations.