From Defense to Offense – Three Steps to Successful Attack Mitigation
In the same week that undercover FBI agents foiled a plot to attack the Federal Reserve Bank in New York City, a ninth bank was hit in what has been an ongoing cyber-assault on financial institutions in the United States. While these two types of attack, one physical and one electronic, share similar targets, they were met with two very distinct mitigation strategies.
In the case of the Federal Reserve, undercover federal agents took a proactive posture. The public was never in danger because agents led the attacker to believe he was given real bomb-making materials. However, in the case of the bank cyber attacks, despite prior knowledge of being targeted for DDoS attacks, banks have been on the defensive, scrambling to stop the hemorrhage disrupting their operations. The lesson here is clear – a strong offense is the best defense against hackers.
With the cyber attacks showing no signs of slowing down and continuing to cause a major disruption in the way we do banking, here are the three most important steps that financial institutions can take to best protect themselves:
1. As the old adage goes, sometimes the best defense is a good offense
Hackers armed with nothing more than a computer keyboard and code disrupted the operations of almost a dozen banks and continue to threaten the financial services industry. Attacks against these nine banks will not only bear a significant cost to each individual institution, but may force customers to question their bank’s ability to secure personal information. To quantify the value of a strong offense, just try placing a value on losing customer trust. In this scenario, being on the offensive rather than taking a purely defensive posture is the new black. Stronger counter-measure operations that include shutting down the attacking computers, changing their course of action and eventually reducing the motivation of volunteers to join these attacks are essential. This will give banks the ability to change the attack’s dynamics and move from defense to offense.
2. More sophisticated attacks necessitate more sophisticated defenses
Today’s hackers are much more sophisticated than ever before, using high-capacity, high-throughput servers compromised in advance to launch massive and intense attacks. Attacks like “Gozi Prinimalka” or “itsoknoproblembro” require advanced mitigation tools that can effectively deal with multi-layered threats that simultaneously strike the network, application and server. More and more, security teams are noticing that these attacks are persistent, lasting for days and sometimes even weeks. For banks to protect themselves from these attacks, they need to ensure they have advanced enterprise-wide security event management, service denial and behavioral protections as well as network scanning and malware propagation protections.
Unfortunately, most organizations aren’t staffed to fight a battle of attrition. Without real-time protection against these volumetric attacks, it’s just a matter of time until more systems are compromised.
3. Put in place best practices for Advanced Persistent Threats (APTs)
The best approach for organizations to deal with the new era in cyber attacks – Advanced Persistent Threats (APTs) or attacks that are ongoing – is to have an emergency response plan. They should arm themselves with the tools, techniques and staff members critical to responding to today’s APT cyber attacks. This includes, but is not limited to:
- Having a “war room”: Identify internal IT staff, as well as external support through your IT vendor, MSSP or security systems vendor, to respond to attacks before they take place.
- A customer support plan: Provide an alternate way for customers to reach the bank, such as a dedicated call center, in order to maintain an open line of communication. Reassure your customers by informing them that the attack is “availability-based” and does not compromise their private information.
- Building a stronger offense: This will ultimately strengthen your defensive plan and help you build out a strong plan for counter-attacks.
While the threat of DDoS attacks on high-profile institutions is omnipresent, being under persistent threat does not mean that banks have to be vulnerable. While having a solid plan won’t stop attacks from coming, it will definitely limit the impact attacks have on your enterprise, and most importantly, your customers’ perception of how safe their money is.