NCUA Risk Alert: Credit Union DDoS Attacks

by Robin Remines

In disaster planning, we always teach that it’s not “IF”, it’s “WHEN” an event will occur. Unless you are completely isolated from the internet, it makes sense for your credit union to assume that it will also come under a cyber threat at some point. In fact, credit union DDoS attacks caught the attention of NCUA this year, leading them to issue Risk Alert 13-RISK-01 in February. The risk alert provides guidelines to help credit unions protect against DDoS attacks. Sometimes guidelines are not enough, so I asked our OGO Intelligence team to weigh in on the strategies outlined in the risk alert and provide additional steps you can take today to protect your credit union infrastructure!

NCUA recommended strategies for mitigating DDoS risk include:

• Performing risk assessments to identify risks associated with DDoS attacks.

OGO: This part is pretty straightforward. What is your internet presence? Website, online banking, credit reports, loan applications, online loan applications, cash management are but a few processes or systems I can think of that virtually ALL credit unions rely on the internet for. You can’t really weigh your risk on when the “bad guy” is going to target your infrastructure, but you can work to have alternate delivery channels in place should you lose your internet service. First step? Review your business impact analysis (BIA) and line-by-line designate whether that process requires the internet to function. Not rocket science, I know. Sorry for those that thought it would be harder!
