Although hacktivists announced a suspension of DDoS attacks against banks, other industries are now getting hit, and banks can't afford to get complacent because of the fraud risk, says security specialist Bill Stewart.
Although a hacktivist group says it has suspended distributed-denial-of-service attacks on U.S. banking institutions, banking and security leaders aren't convinced. "Banks should certainly remain on guard," says Gartner's Avivah Litan.
Hacktivists on Jan. 22 threatened more DDoS attacks against U.S. banks and claimed they recently hit three institutions. Despite banks' improvements in staving off online outages, the longevity of the attacks is concerning, experts say.
It's not malware, crime rings or hacktivists. What, then, are among the threats that concern security leaders most? CISO Tom Newton offers new insight on today's top threats and strategies to combat them.
Banks have improved DDoS defenses, but ensuring ongoing online reliability requires a more offensive measure - one that rids the Internet of vulnerable sites that can too easily be used for bot traffic.
Independent monitoring shows U.S. banks doing a better job of deflecting DDoS attacks. Nevertheless, DDoS expert John Walker says the attackers continue to represent "a growing threat" to all organizations.
"A year ago, quite frankly, the capability was not there," DHS Deputy Undersecretary for Cybersecurity Mark Weatherford says. "We did not have the capacity to collaborate nearly as effectively as we do now."
How are banks responding to DDoS phase 2? "From a technology standpoint, we have improved our defenses quite a bit," says Dan Holden of Arbor Networks. Experts discuss top DDoS lessons banks have learned.
Which fraud trends need the most attention from U.S. banking institutions in 2013? Distributed-denial-of-service attacks and account takeover, says FS-ISAC's Bill Nelson, who offers fraud-fighting tips.