In late December, the Office of the Comptroller of the Currency (OCC) issued a message to CEOs, technology service providers, federal savings associations and other interested parties about targeted DDoS (Distributed Denial of Service) attacks against national banks.
According to the OCC, sophisticated groups are working together to deny Internet access to bank services by directing traffic from compromised computers to the bank, and distracting technical/personnel resources while gaining remote access to accounts. The groups then commit fraud via wire transfers.
As a result, the OCC recommends that banks take a few preparatory security measures, including:
When it comes to outsourcing technology to service providers, the OCC recommends adhering to the Information Security and the Outsourcing Technology Services booklet of the FFIEC Information Technology Examination Handbook (IT Handbook). An exhaustive list of outsourcing requirements is provided that banks can use, including a list of ways any organization can do their due diligence in confirming and assessing a service provider:
In addition to vetting service providers, banks can also ensure they have certain best practice security technology employed to protect against and detect attacks. Daily log review is a service that includes tracking user activity, transporting and storing log events, log analysis and monthly reporting that can monitor and detect potentially malicious activity and users.
File integrity monitoring can also provide customizable alerts on changes made to system files, and offers insight into your technical environment. Ongoing monitoring can provide a faster response time to any issues that arise.
Or protect web servers and databases with a web application firewall (WAF) that can work better than a traditional IPS/IDS can by detecting and preventing SQL injections.
Find out about other technical security services and what can work best for your organization.
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.