Gartner Blog Network

Bank Regulator issues informative alert on DDoS attacks

by Avivah Litan  |  December 21, 2012  |  1 Comment

Today the OCC put out an alert to its banks on the recent spate of DDoS attacks. The regulators acknowledged the existence of different attacker groups – some politically motivated and others financially motivated. They are also acknowledging that these DDoS attacks have in fact led to or been associated with fraud and customer account takeover.

The regulators do an excellent job of telling banks what to look out for, i.e. what some of these attacks look like. They are also correct in putting the banks on notice that:

a) They must ensure third party service providers (e.g. ISPs) are prepared for these events and doing all they can
b) They must disclose these incidents to the regulators and law enforcement
c) They must deploy layered security as outlined in the FFIEC guidance to mitigate financial damage from these attacks.

It’s reassuring to see that the OCC takes these threats very seriously. No doubt, they will step up their enforcement of FFIEC guidance on Internet banking security. That’s actually a good thing because regulators drive security action and spending, even though we would all like to think that this focus on security would exist independently in all cases and across the board – even without the regulators.

That simply isn’t the way it is. Some banks do spend enough on security – but many do not. This will help ensure that all – and not just some – of the banks regulated by the OCC at least, are putting the requisite resources into defending against DDoS attacks and their attending damage.

This is definitely a threat to the day to day workings of our financial systems. Thankfully there are lots of backup routes into a bank, e.g. branch, ATM machine, call center. But many users and customers depend on the internet and it’s very disruptive to business when it’s down.

In the meantime, add DDoS attacks to the checklist of things to worry about when trying to prevent fraud. Hopefully this will get the security, networking and fraud folks at the target financial institutions working more closely together.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research


Avivah Litan
VP Distinguished Analyst
19 years at Gartner
34 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Ms. Litan's areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, and insider threat detection. Read Full Bio

Thoughts on Bank Regulator issues informative alert on DDoS attacks

  1. […] Litan of research firm Gartner said in a blog post Friday that the alert shows the OCC is taking the threat seriously, and this will likely result in […]

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.