Six Steps to Prepare for Cyber Attacks

By Ken Otsuka, Risk Management Senior Consultant, CUNA Mutual Group

Cyber attacks against U.S. financial institutions are nothing new. In 2012, however, cyber criminals yes claiming to be politically motivated conducted several well-publicized, large-scale attacks on national banks. Two credit unions were recent victims of the attacks, the scale and speed of which were unprecedented, according to Defense Secretary Leon Panetta.

The attacks disrupted online service at the impacted financial institutions. Other criminal groups launched similar attacks which served as smoke screens for attacks on customer accounts that diverted funds to accounts held by criminals at other institutions.

What is a ‘distributed denial of services’ (DDoS)?

In the world of internet banking, DDoS generally refers to an attempt to disrupt or suspend online service by saturating the targeted institution’s network with external communication requests to overload its server. Legitimate users either can’t logon, or can’t use any services because the system is responding so slowly.

Editor’s Note: In December 2012, the Northwest Credit Union Association (NWCUA) warned credit unions of the looming threat posed by these new types of cyber attacks, with Director of Compliance Services David Curtis predicting that “2013 may see terms like ‘Project Blitzkrieg,’ ‘DDos,’ and ‘Shamoom’ added to the credit union vernacular—and to the movement’s list of top priorities.”

Here are six steps credit unions can take to prepare for a cyber attack:

  1. Don’t underestimate the threat of cyber attacks.
    It’s true that most credit unions don’t face the same risk as national banks from attacks by high-profile cyber criminal groups. But the first thing to understand about cyber attacks is that we can’t predict the next type of attack to come along. We simply don’t know whether it will come from an established criminal organization or from a single perpetrator with an axe to grind. Don’t bet on behalf of your members that your credit union isn’t big enough to be a target.
  2. Mitigate the risk of service interruptions caused by DDoS attacks.
    You may not be able to prevent DDoS attacks, but you can establish a process to identify them. For example, you can monitor bandwidth usage, use firewall logs to determine what is being attacked, and use an intrusion detection system to identify the type of traffic.
  3. Perform due diligence on third-party service providers.
    Ensure that third parties such as internet service providers and web-hosting vendors address website problems caused by DDoS attacks. Confirm that the providers have a contingency plan for these types of attacks.
  4. Be prepared to provide timely and accurate information to members.
    Have you ever run a drill at your credit union to simulate how you would communicate to members that your website has been disabled or compromised? Have a plan in place to get the word out. The faster you do so, the better you can control the message and counter any rumors or misconceptions about what’s going on.

    Prepare your staff to monitor social media and search engine results to find out what’s being said in cyberspace about any interruption to your online services. You may need extra staff or third-party assistance to work the phones and to contact local media, if necessary, to be sure the correct information reaches your members as quickly as possible.

  5. Check transfers initiated via online banking when an attack occurs.
    When a DDoS attack occurs, the financial institution’s employees may be busy answering calls from customers who cannot access the institution’s website as well as performing other damage control steps. During the chaos, the institution may fail to notice fraudulent transactions initiated through online banking.

    When a DDoS occurs, be sure to review transactions initiated through online banking to identify suspicious transfers. If necessary, delay executing the transfers until you verify their legitimacy with the members.

  6. Have a strong multi-factor authentication method in place for online banking systems.
    Be sure your authentication process complies with the Federal Financial Institution Examination Council’s (FFIEC) updated authentication guidance issued in 2011. The FFIEC expects all financial institutions to have a fraud monitoring system in place to detect anomalies related to:
    1. The initial login and authentication of members requesting access to the online banking system, and;
    2. Initiating fund transfers to other parties.

Ken Otsuka is a risk management senior consultant at CUNA Mutual Group. For more information about protecting your credit union from cyber crime and other risks, contact CUNA Mutual Group at 800.356.2644 or

Strategic Link is the NWCUAs wholly-owned service corporation, providing the Associations member credit unions with exclusive high-quality, competitively-priced products and discounted services. To learn more about how the Association’s partnership with CUNA Mutual Group can benefit your credit union, contact Director of Strategic Partnerships Craig Reed: 206.340.4789,

Posted in Around the NW, Awards.