Risk Alert Features NCUA DDoS Guidance

February 21, 2013 by CUNA

The National Credit Union Administration has stepped into Washington’s cybersecurity discussion, identifying appropriate policies and procedures to guard against distributed denial-of-service (DDoS) attacks in a new credit union risk alert (13-Risk-01).

“The increasing frequency of cyber-terror attacks on depository institutions heightens the need for credit unions to maintain strong information security protocols,” the notice said.

DDoS attacks are attempts to disrupt or suspend online service by saturating the target’s network with external communication requests to overload its server. The NCUA letter noted that such attacks are sophisticated, requiring the vigilance of credit unions offering Internet-based financial services. “As the goal of DDoS attacks is causing service outages rather than stealing funds or data, typical network security controls–such as firewalls and intrusion detection and prevention systems–may offer inadequate protection,” the risk alert said.

To mitigate the issues presented by DDoS attacks, the NCUA suggested that credit unions:

Perform risk assessments to identify risks associated with DDoS attacks;
Ensure incident response programs include a DDoS attack scenario during testing and address activities before, during, and after an attack; and
Perform ongoing third-party due diligence, in particular on Internet and web-hosting service providers, to identify risks and implement appropriate traffic management policies and controls.

Risk Alert Features NCUA DDoS Guidance

Featured

What credit unions can learn from retail shopper trends

What’s your corporate culture?

The Credit Union Difference: Good, better and best

How HELOCs help credit unions diversify and serve their members

Stay connected to the credit union community with our free newsletter!

You have Successfully Subscribed!

Discussion