64% of banks have suffered DDoS attacks

This is one of the findings of a new survey by Ponemon, commissioned by Corero Network Security. Ponemon questioned 650 IT staff at 350 banks, including some of the largest in the world, and found that only 22% believe that the attacks will decrease. 

The precise cause and purpose of the attacks is still unknown. An Iranian (but probably multi-national) group known as Izz ad-Din al-Qassam has claimed responsibility and cited retaliation for the anti-Muslim Innocence of Muslims video. US authorities tend to blame the attacks on the Iranian government as retaliation for Stuxnet and Wiper, and use it as an argument for the need for new cyber security laws. Some security experts believe it is a smokescreen to hide fraudulent wire transfers. However, whatever the cause, the effect is the same.

From the victims’ side, the biggest consequence would seem to be the increased workload caused. With a maximum severity rating of 7, diminished staff productivity scores 6.07. This followed by damage to reputation at 5.03, and lower end-user productivity at 4.97. Actual loss is less of a consequence: revenue loss at 4.02, theft of information assets at 2.08, and physical damage at 1.78.

In fact, the banks’ IT staff do not consider DDoS as their primary threat – it is sandwiched with a 5.55 severity rating between zero-day attacks (6.08) and phishing and social engineering (5.12).

The main barriers to preventing DDoS attacks are lack of staff and expertise, inadequate technologies, and insufficient financing. It is tempting to correlate this with the current defense technologies being used: traditional firewalls (35%), on-premise anti-DDoS (32%), intrusion detection and prevention (31%), anti-virus (24%), and ISP or cloud-based anti-DDoS (16%). This shows a heavy reliance on traditional security products being used for non-traditional purposes, while staff simultaneously recognize that such an approach is inadequate.

This is a view supported by Marty Meyer, president of Corero. “The belief that traditional perimeter security technologies such as firewalls are able to protect against today’s DDoS attacks is lulling not only financial institutions but organizations across every sector into a false sense of security,” he commented on the results of the survey. “Many organizations assume traditional firewalls can provide protection against DDoS and zero-day exploits at the perimeter, yet this is not what they were designed to do and therefore attacks are still getting through.” He believes that specialist defenses are required that “are able to remove all of the ‘noise’ at the perimeter before it hits the network so that firewalls and servers can optimally work on the functions they were originally designed for.”

What’s Hot on Infosecurity Magazine?