Distributed Denial of Service attacks. Better known as DDoS attacks. That's geek speak for the kind of cyber assault that hits a web server with so many requests for service that the site becomes unavailable for use by anyone else. Quite literally information overload.
A new study shows DDoS attacks are happening more and more at the nation's banks . The study's unsettling conclusion? They're not as prepared as you might expect, not even the big ones.
New kinds of attacks, old kinds of defenses The study was conducted by the Ponemon Institute and was reported on by Financial Times. Ponemon Institute is a U.S.-based research center that looks at privacy, data protection, and information-security policy issues.
The study's primary findings are that "more than two-thirds of banks have suffered at least one DDoS attack in the past 12 months," and also that "almost half of respondents ... said their banks had suffered multiple DDoS attacks in the past 12 months."
And while it would be reasonable to assume that DDoS attacks are mainly a problem for small banks -- which presumably can't afford the most up-to-date experts or the latest and greatest counter-technology -- this is actually a problem for some of the country's biggest banks. Over the past year, so-called "hacktivist" groups have hit Bank of America Corp (NYSE:BAC) , JPMorgan Chase & Co. (NYSE:JPM) , Citigroup Inc. (NYSE:C) , and Wells Fargo & Company (NYSE:WFC) with DDoS attacks.
IT staff responding to the study cited shortages of personnel, expertise, and proper technology as continuing issues in dealing with these events. Most frighteningly, according to the study, is that many banks still rely on old-fashioned firewalls to protect against DDoS attacks. The problem is, that's not what firewalls were designed for: Firewalls are old-style defenses for old-style attacks. As such, relying on them leaves banks vulnerable to these debilitating DDoS assaults.
Sorry, please try again later Imagine hackers bombing Amazon.com, Inc. (NASDAQ:AMZN)'s servers with so much fake traffic you can't log on to buy that toaster you need, or that movie on Blu-Ray you just have to have. That's a bummer. Incredibly frustrating maybe, but still just a bummer.
Now imagine hackers doing the same to Bank of America servers, and you can't log on to your bank account to transfer the money your son or daughter is waiting on at college, or you're a CFO who's trying to move some absurdly large amount of cash from one account to another, and instead all you get is a "please try again later" message from your bank. That's more than a bummer. That's completely unacceptable.
Whether you're that anxious parent or anxious CFO, who wants to keep their money where they're not sure it can be accessed when they need it? In this 24/7 online world, that's a more relevant question than ever. We all expect instant, unfettered access to any of our online services, and when we don't get it, we may decide to take our business elsewhere.
Don't just sit there, do something So as banks suffer more and more of these DDoS attacks, and consumers and CFOs find themselves more and more frighteningly unable to access their accounts, banks may find themselves losing more and more business.