The Evolution of DDoS in Financial Services — Much More than a Nuisance
July 1999: While you may have been “Livin' La Vida Loca,” there were others who were thinking of a way to overwhelm a target website with traffic — to slow or even disable it altogether for legitimate users — until the internet services were no longer operational. They were devising the world’s first distributed denial-of-service (DDoS) attack.
Within the next decade, the financial services industry would endure a systematic campaign of DDoS attacks against nearly 50 institutions in the U.S. financial sector that disabled bank websites and prevented customers from accessing accounts. These attacks collectively required tens of millions of dollars to mitigate.
Why DDoS is still wreaking havoc on financial institutions
The very nature of the work that financial institutions do — acting as the main custodians of money — makes them a unique target of cybercriminals, and attackers continue to use more sophisticated tools and tactics in their effort to gain access to valuable financial assets and data.
Cyberattacks cost an average of 50% more for financial institutions than for all other industries combined.
To make matters worse, the threat landscape for financial institutions continues to evolve. The explosion of digital financial services, combined with cloud computing initiatives and new application delivery models, has expanded the attack surface that criminals can exploit.
The attack volume is increasing
DDoS attacks can be large, distributed across the globe, and relatively easy to launch. They also often serve as a decoy, masking other more serious types of attacks, which makes them highly disruptive.
According to our January 2023 report, written in conjunction with FS-ISAC, the volume of DDoS attacks against financial institutions increased by 22% since last year. And, in Europe, the news was even worse — DDoS attacks against financial institutions in Europe increased by 73%.
Building a strong response
DDoS preparedness must be based around an “always-on” mentality. Financial institutions should perform an evaluation of business-critical applications and their respective attack surfaces. They should also periodically reevaluate risk appetite and acceptance decisions, based on the evolving threatscape as well as market and regulatory changes, like the European Union’s Digital Operational Resilience Act (DORA).
And although cyber insurance can be an integral component of an overall strategy, those policies typically deal with the aftermath of a cyberattack, so it should be clear that cyber insurance is not a mitigation strategy.
Under attack?
If you are currently under attack or threat of extortion, you can get help 24/7/365. Additionally, if you receive an extortion email, please contact local law enforcement.