From Credit Union Times, re Distributed Denial of Service attacks:
“We have no defenses against large-scale DDoS. None. We are talking with our Web host, to see what they can do to help, but right now we have nothing.” Read more
The speaker is the senior IT executive at a very large credit union. He made his remarks – with a promise of anonymity – during a break at the mid-May Finovate conference in San Francisco.
He is not alone. Kirk Drake, CEO of Ongoing Operations, a tech-focused CUSO in Maryland, said that by his estimate “99% of credit unions do not have DDoS protection.”
In fact the IT executive at Finovate is doing better than most. That’s because his credit union has sufficient weaponry to handle lower-grade DDoS – unleashed by a maladapted member with a gripe, or perhaps a former employee. Most credit unions don’t even have that much.
But were his institution to come within the sights of the al Qassam Cyber Fighters – who have taken down Chase and PNC as well as Patelco – or the Syrian Electronic Army, which recently took down the New York Times and the Financial Times, it would be game, set, match as his credit union’s website would collapse under the sophisticated and powerful barrages unleashed by these well-organized, well-funded organizations.
He knows that but he also knows that right now there is no money in his budget to purchase high-grade DDoS protection – and he frankly is hoping he won’t need it.
This is alarming - and a very large credit union is involved. Hoping the credit union won't need high-grade DDOS protection is not a strategy.