Malware, DDoS and mobile security aside, one of the biggest risks is organizations' lack of visibility into specific threats. Don Gray of Solutionary explains the need for actionable threat intelligence.
Although a hacktivist group says it has suspended distributed-denial-of-service attacks on U.S. banking institutions, banking and security leaders aren't convinced. "Banks should certainly remain on guard," says Gartner's Avivah Litan.
Hacktivists on Jan. 22 threatened more DDoS attacks against U.S. banks and claimed they recently hit three institutions. Despite banks' improvements in staving off online outages, the longevity of the attacks is concerning, experts say.
Banks have improved DDoS defenses, but ensuring ongoing online reliability requires a more offensive measure - one that rids the Internet of vulnerable sites that can too easily be used for bot traffic.
Independent monitoring shows U.S. banks doing a better job of deflecting DDoS attacks. Nevertheless, DDoS expert John Walker says the attackers continue to represent "a growing threat" to all organizations.
How are banks responding to DDoS phase 2? "From a technology standpoint, we have improved our defenses quite a bit," says Dan Holden of Arbor Networks. Experts discuss top DDoS lessons banks have learned.
The hacktivist group Izz ad-Din al-Qassam Cyber Fighters claims that its second phase of distributed-denial-of-service attacks has affected nine banks since Dec. 11, and it warns more attacks are on the way.
Hacktivists on Christmas Day announced new plans for more DDoS attacks against U.S. banks, and it appears Citi was among the first hit, although the attackers named no specific targets in their latest threat.
PNC and Wells Fargo both reported only minor disruption from online traffic surges on Dec. 20. Has the strength of DDoS attacks subsided, or are banks getting better at defending against these strikes?