As banks continue to suffer through website outages due to distributed denial of service attacks, regulators are warning bank executives to take these attacks very seriously. In an alert issued to the entire banking industry, officials at the U.S. Office of the Comptroller of the Currency last week requested that banks evaluate their risk management processes for dealing with cybercrimes.
"Banks need to have a heightened sense of awareness regarding these attacks and employ appropriate resources to identify and mitigate the associated risks," the alert states.
I'm guessing banks are already very aware of the implications of these attacks. While account holders may be frustrated by the inability to access their online banking statements, those behind these attacks may be looking to do much more than annoy customers. The report highlights that these attacks give thieves breathing room to gain access to accounts while banks work to fix the problems.
Still, while banks are constantly working to protect their mountains of confidential information, they have not been very proactive in educating account holders about these attacks. In some recent cases, banks have simply issued canned statements that their websites are experiencing delays, and they are working to fix the problems.
I can understand the hope to avoid a swarm of account holders with concerns that a group of hackers in Iran or Russia is targeting their money, but these attacks have become so commonplace that consumers do have the right to know about them. Regulators are asking financial institutions to shed some light on the situation for their customers.
"As part of their contingency planning process, banks should be prepared to provide timely and accurate communication to their customers regarding website problems, risks to customers, precautions customers can take, and alternate delivery channels that will meet their banking needs," the alert declares.
How do you think banks should handle customer notifications during cyberattacks? Has your bank sent you any messages about cybercriminals targeting its website?