Banking Blog

Finance Blogs » Banking Blog » Cyberattack: A risk to banking

Cyberattack: A risk to banking

By David McMillin ·
Saturday, December 29, 2012
Posted: 6 am ET

As banks continue to suffer through website outages due to distributed denial of service attacks, regulators are warning bank executives to take these attacks very seriously. In an alert issued to the entire banking industry, officials at the U.S. Office of the Comptroller of the Currency last week requested that banks evaluate their risk management processes for dealing with cybercrimes.

"Banks need to have a heightened sense of awareness regarding these attacks and employ appropriate resources to identify and mitigate the associated risks," the alert states.

I'm guessing banks are already very aware of the implications of these attacks. While account holders may be frustrated by the inability to access their online banking statements, those behind these attacks may be looking to do much more than annoy customers. The report highlights that these attacks give thieves breathing room to gain access to accounts while banks work to fix the problems.

Still, while banks are constantly working to protect their mountains of confidential information, they have not been very proactive in educating account holders about these attacks. In some recent cases, banks have simply issued canned statements that their websites are experiencing delays, and they are working to fix the problems.

I can understand the hope to avoid a swarm of account holders with concerns that a group of hackers in Iran or Russia is targeting their money, but these attacks have become so commonplace that consumers do have the right to know about them. Regulators are asking financial institutions to shed some light on the situation for their customers.

"As part of their contingency planning process, banks should be prepared to provide timely and accurate communication to their customers regarding website problems, risks to customers, precautions customers can take, and alternate delivery channels that will meet their banking needs," the alert declares.

How do you think banks should handle customer notifications during cyberattacks? Has your bank sent you any messages about cybercriminals targeting its website?

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
January 01, 2013 at 6:08 pm

Spam is not what this story is about. It's about DDoS and hacking. DDoS are difficult to stop as they can be perpetrated from thousands compromised PCs (Zombies), that don't have regular security updates.

Hacking is also difficult to stop but every financial institution should have numerous firewalls and other security systems to prevent even the smartest hacker from being able to penetrate the system. The security measures need to be change regularly to compensate for any layers that the hackers may have been able to breach previously. It's a very serious game of cat and mouse and the banks and other entities need to take appropriate actions to prevent their systems from being hacked.

chris desanctis
January 01, 2013 at 5:55 pm

if you dont like the son of a gun, shoot em