DDoS Attacks: How to Reduce Your Risks

Steps to Monitor Traffic and Suspicious Activity

By , October 17, 2012.
DDoS Attacks: How to Reduce Your Risks
Read Transcript

Download the transcript of this interview in PDF format (sponsored by Corero Network Security)

As DDoS attacks on banks continue, institutions can take immediate steps to lessen the impact on customer experience and reduce fraud risks. Jason Malo of CEB TowerGroup offers insight.

"If institutions want to ensure they are protecting themselves, they have to know what their [regular] traffic looks like," says Malo, a financial-services research director at CEB TowerGroup and web security expert formerly with VeriSign.

When institutions get distracted by one attack, such as DDoS, fraudsters often will strike with another. "Financials need to be aware of the attacks that are kind of sneaking in under the radar," Malo explains. "They need to understand what is going on beyond the network."

The key message: Institutions must recognize that DDoS attacks come in many forms. Characterizing all DDoS attacks as merely floods of site traffic is a common mistake too many financial institutions make, he says. When banks and credit unions limit their views of what DDoS attacks comprise, they hinder their abilities to detect and prevent the attacks, and, possibly, detect and prevent fraud.

"One kind of attack is a network-based attack," Malo says. "So you need to understand what your traffic is supposed to look like. And then you have application attacks. For application attacks, you need to understand what's going on during the attack, to see what applications are attacked. And when you start looking at a combined attack, it becomes much more complex."

During this interview, Malo discusses:

  • Cloud-based services and other outsourced solutions that address DDoS;
  • How banks and credit unions should use big data to improve analytics and anomalous activity detection;
  • Why institutions need to implement more than intrusion detection and prevention systems.

Malo, who works in CEB TowerGroup's retail banking and cards practice, has more than 16 years of online service development, management and marketing experience. Malo is focused on market evaluation and product strategy for mobile banking, emerging threats, regulation and customer attitudes surrounding security and fraud across banking and card channels. Before joining CEB TowerGroup, Malo spent five years with VeriSign, where he managed development roadmaps and go-to-market strategies for cloud-based products that address threats to personal information, network infrastructure and commerce. Earlier, at Bank of America, Malo led projects that addressed enterprise and consumer authentication, consumer privacy and security, online banking, information security, and platform consolidation.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Why Banks Sued Home Depot

The consolidated class-action lawsuit filed by banking institutions against Home Depot is more...

Latest Tweets and Mentions

ARTICLE Why Banks Sued Home Depot

The consolidated class-action lawsuit filed by banking institutions against Home Depot is more...

The ISMG Network