Banks Struggle With Wave of Cyberattacks
Group claiming Middle Eastern ties complicates lives of banks, and the consumers they deal with, in wave of cyberattacks.
Have you had trouble checking your balance lately? There’s a reason for that — and a lesson in cybersecurity.
Over the past week, a number of major banking chains — including JPMorgan Chase, Wells Fargo, Citigroup, PNC, Bank of America, and U.S. Bank — have had their services interrupted as a result of an ongoing wave of cyberattacks. PNC’s site, for example, stopped working on Friday because of a hacking.
A group, which refers to itself as the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks, according to The New York Times. It claimed to be upset with a recent anti-Islam film posted on YouTube.
Reportedly using social media to gather sympathizers for its distributed denial of service (DDoS) attacks, the group says it plans to continue to target American financial institutions.
The bank industry, meanwhile, has been keeping an eye on what’s happening. The Financial Services Information Sharing and Analysis Center remains on high alert since September 19, noting on its official site “recent credible intelligence regarding the potential for DDoS and other cyber attacks against financial institutions.”
“There is an elevated level of threat,” American Bankers Association Vice President Doug Johnson told ABC News last week. “The threat level is now high.” On Friday, Johnson told the AP that the attacks were “tapering off.”
A problem of communication?
Whether the attacks have tapered off, a possible issue here, according to Greg Nowak of the Information Security Forum, is that banks have been doing a poor job communicating the issues to their customers.
“The banks that have been affected are missing a great opportunity to communicate and educate their users,” Nowak told Bank Info Security. “I’ve tried visiting the sites, and there’s nothing on any of the bank sites that says, ‘Here’s what’s going on; here’s how you can understand it. Your information is safe.'”
There’s a lesson for associations here, too. The lack of authoritative communication seems like a common issue for organizations when things go bad on the cybersecurity front. For example, after its recent security breach, IEEE didn’t immediately let its members know what was going on, creating a period of uncertainty before the group made a public statement. A crisis plan during periods of weakened security may be necessary to help ease concerns for members.
Do you feel that the banking industry is doing enough to inform consumers about this issue? And have your interests ever been targeted in a cyberattack? Leave your thoughts in the comments.