Banks Under Attack: PR Missteps

Better Communication Needed in Wake of Outages

Healthcare organizations can learn a lesson from communication missteps in the banking sector. Banks struck by DDoS attacks are missing an opportunity to educate customers about cybersecurity, says Gregory Nowak of the Information Security Forum.

Because there is so much media coverage of these attacks, allegedly waged by a group calling itself Izz ad-Din al-Qassam Cyber Fighters, consumers are alarmed and confused about the security of their accounts. And the targeted banks are doing nothing significant to ease concerns, says Nowak, a principal research analyst with the ISF.

"The banks that have been affected are missing a great opportunity to communicate and educate their users," Nowak says. "I've tried visiting the sites, and there's nothing on any of the bank sites that says 'Here's what's going on; here's how you can understand it. Your information is safe.'"

Some third-party sites have tracked the attacks and outages well, he says, but the institutions themselves have been too quiet - which only heightens fears. "They seem to be regarding it as a secret," Nowak says. "They say 'Some people have access issues.' Well, people know they have access issues. [The banks] should be taking the opportunity to explain to their customers the difference between a denial of service attack and some sort of hacking attack that actually puts information at risk."

Nowak, an expert on this new phenomenon of hacktivism, says security leaders need to realize that these incidents are ideological attacks against the U.S., and banks are not the only potential targets.

"The attacks have nothing to do specifically with the activities of these banks - they were innocent bystanders," Nowak says. "The message is: This can happen to any organization, and they need to consider [hacktivism response] as part of their risk management."

In an interview about how organizations should respond to this new wave of hacktivist attacks, Nowak discusses:

  • Why these DDoS attacks are successful;
  • Flaws in institutions' prevention and response plans;
  • How to properly manage the risks of hacktivism.

Also, don't miss Nowak's new webinar on hacktivist attacks: Hacktivism: How to Respond.

Nowak is a principal research analyst for the Information Security Forum, an independent authority on information security. He has worked on ISF research projects on hacktivism, cybercitizenship and securing mobile devices. He is also responsible for ISF's Information Risk Analysis Methodology (IRAM).
