Banks set to improve IT security in wake of last year’s high-profile cyber attacks

Two thirds of banks suffered a DDoS attack in 2012: Corero

More than two-thirds (64%) of banks in the US have suffered at least one Distributed Denial of Service (DDoS) attack in the past 12 months, according to independent research commissioned by Corero Network Security.

IT and IT security managers at 650 banks responded to the survey, which also revealed that almost one in two banks (49%) of respondents had suffered multiple DDoS attacks in the past 12 months. In addition to DDoS, respondents highlighted Zero-Day attacks – ones that exploit previously unknown vulnerabilities – as a major cause of concern.

Looking ahead, 78% of respondents said they believe that DDoS attacks will continue or significantly increase in 2013. Surprisingly, however, 50% of respondents cited insufficient personnel and expertise and a lack of effective security technology as the key barrier impacting their ability to deal with DDoS attacks.

Banks are still predominately relying on previously deployed traditional technology, in particular firewalls (35%), to protect their organisation from today’s sophisticated attacks according to the survey, further raising concerns about the extent of board-level buy-in.

Corero president Marty Meyer said: “Last year a lot of the banks turned a bit of a blind eye to the problem even though it was hot in the press. They were relying on traditional security deployments that they’d already made and using hope as a strategy.”

J.P. Morgan Chase & Co., Bank of America and Wells Fargo were just a few high-profile victims of cyber attacks in 2012 – a year which raised serious concerns regarding the safety of financial institutions – and Meyer says this is prompting banks into action.

“We are seeing a tonne of activity in terms of engagement of the number of banks who are searching for information about DDoS mitigation, so I actually think there is going to be a ramped amount of spending in 2013,” he said.

“In 2012 we have seen a lot of attacks that have really raised the level of focus on the DDos problem. We have met with a few banks already this year and all of them have a budget for DDoS, and many of them for on-premise DDoS.”