01-02-13 | Blog Post
In late December, the Office of the Comptroller of the Currency (OCC) issued a message to CEOs, technology service providers, federal savings associations and other interested parties about targeted DDoS (Distributed Denial of Service) attacks against national banks.
According to the OCC, sophisticated groups are working together to deny Internet access to bank services by directing traffic from compromised computers to the bank, and distracting technical/personnel resources while gaining remote access to accounts. The groups then commit fraud via wire transfers.
As a result, the OCC recommends that banks take a few preparatory security measures, including:
When it comes to outsourcing technology to service providers, the OCC recommends adhering to the Information Security and the Outsourcing Technology Services booklet of the FFIEC Information Technology Examination Handbook (IT Handbook). An exhaustive list of outsourcing requirements that banks can use is provided, including a list of ways any organization can do its due diligence in confirming and assessing a service provider:
In addition to vetting service providers, banks can also ensure they employ best-practice security technology to protect against and detect attacks. Daily log review is a service that includes tracking user activity, transporting and storing log events, log analysis and monthly reporting, and it can monitor and detect potentially malicious activity and users.
File integrity monitoring can also provide customizable alerts on changes made to system files, and offers insight into your technical environment. Ongoing monitoring can provide a faster response time to any issues that arise.
Alternatively, protect web servers and databases with a web application firewall (WAF), which can work better than a traditional IPS/IDS by detecting and preventing SQL injections.
Find out about other technical security services and what can work best for your organization.
References:
Information Security: Distributed Denial of Service Attacks and Customer Account Fraud
Outsourcing Technology Services Booklet: FFIEC Information Technology Examination Handbook (PDF)