The Office of the Comptroller of the Currency (OCC), an independent bureau of the U.S. Department of the Treasury, recently released an alert to CEOs of all national banks, federal branches and agencies, and associated interested parties, calling for a heightened sense of awareness and offering risk mitigation information in response to a series of sophisticated DDoS attacks.
In the past few months, over a dozen U.S. banks have fallen victim to DDoS attacks. DDoS, short for Distributed Denial-of-Service, is a type of cyber-attack in which a multitude of compromised systems attack a single targeted system, making it unavailable to its users. The extent of damage caused by DDoS to a business varies based on the time of attack, duration of outage, and type of services provided by the targeted system. It may range from an increased number of calls from inconvenienced customers to lost business or failure to meet a service level agreement. In the case of banking, however, DDoS attacks present an additional layer of threat: they may be launched to divert a bank’s resources and distract bank personnel, creating an opportunity for simultaneous computer fraud and information theft that may hamper the bank’s operations and compromise valuable account information.
The alert is particularly important as it reiterates the OCC’s expectations for banks’ risk management programs. Banks are expected to have risk management programs that identify and consider new and evolving threats to online accounts and adjust technology safeguards, such as customer authentication and layered security, accordingly. Further, banks are expected to ensure that an effective incident response approach with sufficient staffing is in place and that proactive due diligence reviews are conducted to identify and mitigate risks posed by potential DDoS attacks. Participation in information-sharing organizations such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) is also encouraged.
To read the OCC alert, please access the OCC bulletin at http://www.occ.gov/news-issuances/alerts/2012/alert-2012-16.html.