With hackers who pull off take downs getting stealthier and more vicious, security leaders across all industries need to be prepared
Go ahead and ask CSOs from the nation's largest banks about the myriad distributed denial-of-service (DDoS) attacks they've experienced in recent months. They're not going to tell you anything.
Security execs have never been comfortable talking about these attacks because they don't want to draw more attention to their companies. They worry that offering even the basic details of their defensive strategy will inspire attackers to find the holes.
But many companies are finding themselves under attack for the first time, and their security chiefs need answers if they're going to fight back. So despite knowing CSOs are reluctant to talk, we tried to get answers anyway. We offered several CSOs anonymity to tell their stories, a tactic that always worked before.
Not this time.
DDoS attacks have become more ferocious than ever the past few years, fueled by hacktivists who understand that every minute of downtime for a financial services site equals millions of dollars in lost business. Attacks hitting the likes of Bank of America, Capital One, Chase, Citibank, PNC Bank and Wells Fargo have been so relentless and sophisticated that most security execs are too freaked out to discuss details.
"These DDoS attacks are a very sensitive issue now and not something we can talk about publicly," says the CISO at a midsize bank that operates out of the Pacific Northwest.
"Our communications department has asked that we don't discuss this with the media right now, out of concern that we may draw attention to ourselves and become a target," says a security officer at another financial services firm in the southeastern U.S.
Tight lips sink company defenses
While there's plenty of truth behind the old World War II propaganda posters that say, "Loose lips sink ships," the saying "Knowledge is power" also holds true, especially when it comes to defending modern business-technology systems. There's no doubt that tight lips can be a problem if you're the newly-minted CISO of a bank and find yourself under attack. You need good information on the most recent attacks and defense trends. >>Read more