Two-thirds of Banks Hit By Distributed Denial of Service Attack in Past Twelve Months Finds Research
Inadequate technology and insufficient personnel cited as the key obstacles to preventing attacks
HUDSON, MA., January 22, 2013 – More than two-thirds (64%) of IT & IT security practitioners reported that their banks have suffered at least one Distributed Denial of Service (DDoS) attack in the last 12 months, according to independent research commissioned by Corero Network Security (CNS: LN), a leading provider of network and application layer DDoS defense products. The research of 650 IT and IT security practioners at 351 banks, including from some of the largest in the world, also revealed that 78% of those surveyed believed that DDoS attacks will continue or significantly increase in 2013, leaving them vulnerable to cyber attacks that could lead to downtime and compromised data.
Conducted by the Ponemon Institute, almost half of respondents (48%) said their banks had suffered multiple DDoS attacks in the past 12 months. They stated that along with DDoS attacks, Zero-Day attacks, an attack that exploits a previously unknown vulnerability, are considered to be the most severe security threats. Among the key barriers impacting banks ability to deal with DDoS attacks, 50% cited insufficient personnel and expertise and a lack of effective security technology as the most serious concerns, followed by insufficient budget resources.
Despite the recognition that the threat of DDoS attacks is not abating, the survey revealed that banks are still predominately relying on previously deployed traditional technology, in particular firewalls (35%) to protect their organization from today’s sophisticated attacks.
"The belief that traditional perimeter security technologies such as firewalls are able to protect against today’s DDoS attacks is lulling not only financial institutions but organizations across every sector into a false sense of security," said Marty Meyer, President of Corero. "Many Organizations assume traditional firewalls can provide protection against DDoS and Zero-Day exploits at the perimeter, yet this is not what they were designed to do and therefore attacks are still getting through. Organizations need to add First Line of Defense solutions that can provide this protection and are able to remove all of the ‘noise’ at the perimeter before it hits the network so that firewalls and servers can optimally work on the functions they were originally designed for."
The findings add further support to the trend that hacktivist groups proactively target banks with Bank of America, JPMorgan Chase, Citigroup, Wells Fargo and Capital One and others again allegedly being actively targeted with DDoS attacks since the end of 2012.
“It really comes as no surprise that DDoS attacks are one of the most severe security risks cited by the banking industry and these results clearly demonstrate the level to which they are being targeted on a continued basis” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “When such an attack occurs, the time and efforts of IT staff are devoted to dealing with the problem instead of managing other IT operational and security priorities. This leaves financial institutions open to more dangerous attacks that further compromise their infrastructure.”
To download the full report, please go to https://www.corero.com/resources/files/analyst-reports/CNS_Report_Ponemon_Jan13.pdf.