6 Rules for Banks to Prevent DoS attacks
By Collin Connors, ERMProtect IT Security Consultant
Denial of Service (DoS) attacks can be devastating for banks. These attacks involve sending traffic to a server hoping to overwhelm it and block access. For example, a hacker might try to mount a DoS attack against a website by continually sending requests, causing the website to take longer to load or even crash.
Banks are vulnerable since it would be devastating to have their websites down for any amount of time. Because of this, the Federal Financial Institutions Examination Council (FFIEC) has released a set of six rules that all banking organizations should follow to prevent DoS attacks.
The first rule states that organizations should:
- “Maintain an ongoing program to assess information security risk that identifies, prioritizes, and assesses the risk to critical systems, including threats to external websites and online accounts."
This rule emphasizes continual risk assessments and penetration tests. The only way for organizations to know their weaknesses is to continually search for them. The most important penetration test for finding DoS weaknesses is the external penetration test, which provides insight into how an organization may be attacked by someone outside of their network. Likewise, the application penetration test is vital to make sure there are no flaws in hosted applications that could lead to DoS attacks (Learn about our penetration testing services services here).
The next rule states that banks should:
- “Monitor Internet traffic to the institution’s website to detect attacks.”
With continual monitoring, cyber-response teams can be notified as soon as an incident happens. A quick response is vital since the sooner an incident is spotted, the sooner the response team can attempt to mitigate the damage. In some cases, even a few-minute delay can prove devastating.
After spotting an attack organization should:
- “Activate incident response plans and notify service providers, including Internet service providers (ISPs), as appropriate, if the institution suspects that a DDoS attack is occurring. Response plans should include appropriate communication strategies with customers concerning the safety of their accounts.”
The key here is to have an Incident response plan in place before an attack. The plan should include all key contact information along with clear steps to take to respond to the incident so organizations can move quickly.
To facilitate an effective response, banks should:
- “Ensure sufficient staffing for the duration of the DDoS attack and consider hiring precontracted third-party servicers, as appropriate, that can assist in managing the Internet based traffic flow. Identify how the institution’s ISP can assist in responding to and mitigating an attack.”
This rule emphasizes the importance of having both an internal cyber-response team and third-party experts in place to assist in case of an incident. Likewise, it is critical to know what measures the ISP can take to help mitigate a DoS attack. Most ISPs offer some form of DoS/DDoS protection.
After the incident, the FFIEC recommends:
- “Consider sharing information with organizations, such as the Financial Services Information Sharing and Analysis Center and law enforcement because attacks can change rapidly and sharing the information can help institutions to identify and mitigate new threats and tactics.”
Or course, sharing information about the attack can give government agencies and law enforcement critical data to prevent future attacks.
Lastly the organization should:
- “Evaluate any gaps in the institution’s response following attacks and in its ongoing risk assessments and adjust risk management controls accordingly.”
This is important to prevent future attacks on the organization. This may include patching systems or installing new software. After making substantial changes it is critical to perform a DoS attack to ensure that the changes made work.
All organizations, especially banks, should follow these guidelines. By conducting risk assessments, penetration tests, and DoS simulations, organization can spot their own vulnerabilities – before hackers do. Organizations that learn from their mistakes (and share them with others) will go a long way to prevent future attacks.
Collin Connors is an Information Security Consultant at ERMProtect Cybersecurity Solutions. He is getting his PhD in Computer Science at the University of Miami where he studies applications of artificial intelligence in cybersecurity as well as security of emerging technologies.
Get a curated briefing of the week's biggest cyber news every Friday.
Intelligence and Insights